Vulnerability details: VCID-sky5-23ka-aaaj
Vulnerability ID VCID-sky5-23ka-aaaj
Aliases CVE-2020-27783
GHSA-pgww-xf46-h92r
PYSEC-2020-62
Summary An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27783.html
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1761
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1879
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1898
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3254
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27783.json
cvssv3.1 6.1 https://advisory.checkmarx.net/advisory/CX-2020-4286
generic_textual MODERATE https://advisory.checkmarx.net/advisory/CX-2020-4286
epss 0.00210 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
epss 0.00434 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
epss 0.00584 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
epss 0.00601 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
epss 0.01026 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
epss 0.01054 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
epss 0.01219 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
epss 0.01609 https://api.first.org/data/v1/epss?cve=CVE-2020-27783
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1901633
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27783
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-pgww-xf46-h92r
cvssv3.1 5.3 https://github.com/lxml/lxml
generic_textual MODERATE https://github.com/lxml/lxml
cvssv3.1 6.1 https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
generic_textual MODERATE https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2020-62.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2020-62.yaml
cvssv3.1 6.1 https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-27783
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27783
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27783
cvssv3.1 6.1 https://pypi.org/project/lxml
generic_textual MODERATE https://pypi.org/project/lxml
archlinux Medium https://security.archlinux.org/AVG-1319
cvssv3.1 6.1 https://security.netapp.com/advisory/ntap-20210521-0003
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20210521-0003
cvssv3.1 6.1 https://snyk.io/vuln/SNYK-PYTHON-LXML-1047473
generic_textual MODERATE https://snyk.io/vuln/SNYK-PYTHON-LXML-1047473
generic_textual Medium https://ubuntu.com/security/notices/USN-4666-1
generic_textual Medium https://ubuntu.com/security/notices/USN-4666-2
cvssv3.1 6.1 https://www.debian.org/security/2020/dsa-4810
generic_textual MODERATE https://www.debian.org/security/2020/dsa-4810
cvssv3.1 5.3 https://www.oracle.com//security-alerts/cpujul2021.html
generic_textual MODERATE https://www.oracle.com//security-alerts/cpujul2021.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27783.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27783.json
https://advisory.checkmarx.net/advisory/CX-2020-4286
https://api.first.org/data/v1/epss?cve=CVE-2020-27783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27783
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/lxml/lxml
https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2020-62.yaml
https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/
https://pypi.org/project/lxml
https://pypi.org/project/lxml/
https://security.netapp.com/advisory/ntap-20210521-0003
https://security.netapp.com/advisory/ntap-20210521-0003/
https://snyk.io/vuln/SNYK-PYTHON-LXML-1047473
https://ubuntu.com/security/notices/USN-4666-1
https://ubuntu.com/security/notices/USN-4666-2
https://www.debian.org/security/2020/dsa-4810
https://www.oracle.com//security-alerts/cpujul2021.html
1901633 https://bugzilla.redhat.com/show_bug.cgi?id=1901633
ASA-202012-1 https://security.archlinux.org/ASA-202012-1
AVG-1319 https://security.archlinux.org/AVG-1319
cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVE-2020-27783 https://nvd.nist.gov/vuln/detail/CVE-2020-27783
GHSA-pgww-xf46-h92r https://github.com/advisories/GHSA-pgww-xf46-h92r
RHSA-2021:1761 https://access.redhat.com/errata/RHSA-2021:1761
RHSA-2021:1879 https://access.redhat.com/errata/RHSA-2021:1879
RHSA-2021:1898 https://access.redhat.com/errata/RHSA-2021:1898
RHSA-2021:3254 https://access.redhat.com/errata/RHSA-2021:3254
USN-4666-1 https://usn.ubuntu.com/4666-1/
USN-4666-2 https://usn.ubuntu.com/4666-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27783.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://advisory.checkmarx.net/advisory/CX-2020-4286
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/lxml/lxml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2020-62.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-27783
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-27783
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://pypi.org/project/lxml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20210521-0003
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://snyk.io/vuln/SNYK-PYTHON-LXML-1047473
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.debian.org/security/2020/dsa-4810
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com//security-alerts/cpujul2021.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.58608
EPSS Score 0.00210
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.