Executive Summary



This alert is flagged as a TOP 25 Common Weakness Enumeration entry from CWE/SANS.
Information
Name : CVE-2021-43818
First vendor Publication : 2021-12-13
Vendor : Cve
Last vendor Modification : 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Overall CVSS Score : 7.1
Base Score : 7.1
Environmental Score : 7.1
Impact Sub Score : 3.7
Temporal Score : 7.1
Exploitability Sub Score : 2.8

Attack Vector : Network
Attack Complexity : Low
Privileges Required : None
User Interaction : Required
Scope : Changed
Confidentiality Impact : Low
Integrity Impact : Low
Availability Impact : Low

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
50 % CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

CPE : Common Platform Enumeration

Type Description Count
Application 95
Application 1
Application 1
Application 1
Application 1
Application 1
Application 2
Application 1
Os 3
Os 2

Sources (Detail)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
Source Url
CONFIRM https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
https://security.netapp.com/advisory/ntap-20220107-0005/
DEBIAN https://www.debian.org/security/2022/dsa-5043
GENTOO https://security.gentoo.org/glsa/202208-06
MISC https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a
https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#...
https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0
https://www.oracle.com/security-alerts/cpuapr2022.html
MLIST https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html
N/A https://www.oracle.com/security-alerts/cpujul2022.html

Alert History

Date Information
2023-11-07 21:33:17
  • Multiple Updates
2022-12-09 21:27:38
  • Multiple Updates
2022-08-11 00:43:21
  • Multiple Updates
2022-08-09 17:27:32
  • Multiple Updates
2022-07-26 00:29:42
  • Multiple Updates
2022-06-16 21:27:24
  • Multiple Updates
2022-04-20 09:23:11
  • Multiple Updates
2022-02-10 21:23:13
  • Multiple Updates
2022-01-23 09:23:07
  • Multiple Updates
2022-01-15 09:23:04
  • Multiple Updates
2022-01-13 09:23:08
  • Multiple Updates
2022-01-10 17:23:10
  • Multiple Updates
2022-01-04 21:23:01
  • Multiple Updates
2021-12-31 00:22:59
  • Multiple Updates
2021-12-26 09:23:01
  • Multiple Updates
2021-12-16 21:22:56
  • Multiple Updates
2021-12-13 21:22:50
  • First insertion