VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ub64-azys-aaaf

Essentials
Severities (134)
References (55)
Severity details (41)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-ub64-azys-aaaf
Aliases	CVE-2021-43818 GHSA-55x5-fj6c-h6m8 PYSEC-2021-852
Summary	lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection')

System	Score	Found at
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1664
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1763
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1764
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1821
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1932
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5498
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43818.json
epss	0.00430	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00430	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00430	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00430	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02371	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.02863	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03013	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03013	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03013	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03013	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03013	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03013	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03013	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03013	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
epss	0.03036	https://api.first.org/data/v1/epss?cve=CVE-2021-43818
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=2032569
cvssv3.1	6.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-55x5-fj6c-h6m8
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-55x5-fj6c-h6m8
cvssv3.1	5.3	https://github.com/lxml/lxml
generic_textual	MODERATE	https://github.com/lxml/lxml
cvssv3.1	8.2	https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a
generic_textual	HIGH	https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a
cvssv3.1	8.2	https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776
generic_textual	HIGH	https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776
cvssv3.1	8.2	https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0
generic_textual	HIGH	https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0
cvssv3.1	8.2	https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
cvssv3.1_qr	HIGH	https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
generic_textual	HIGH	https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
cvssv3.1	8.2	https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-852.yaml
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-852.yaml
cvssv3.1	8.2	https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html
cvssv3.1	8.2	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7
cvssv3.1	8.2	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V
cvssv3.1	8.2	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7
cvssv3.1	8.2	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2021-43818
cvssv3	7.1	https://nvd.nist.gov/vuln/detail/CVE-2021-43818
cvssv3.1	7.1	https://nvd.nist.gov/vuln/detail/CVE-2021-43818
archlinux	Medium	https://security.archlinux.org/AVG-2629
cvssv3.1	5.3	https://security.gentoo.org/glsa/202208-06
generic_textual	MODERATE	https://security.gentoo.org/glsa/202208-06
cvssv3.1	8.2	https://security.netapp.com/advisory/ntap-20220107-0005
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20220107-0005
cvssv3.1	8.2	https://www.debian.org/security/2022/dsa-5043
generic_textual	HIGH	https://www.debian.org/security/2022/dsa-5043
cvssv3.1	5.3	https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual	MODERATE	https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1	7.5	https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpujul2022.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43818.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-43818
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/lxml/lxml
		https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a
		https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776
		https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0
		https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
		https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-852.yaml
		https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/
		https://security.gentoo.org/glsa/202208-06
		https://security.netapp.com/advisory/ntap-20220107-0005
		https://security.netapp.com/advisory/ntap-20220107-0005/
		https://www.debian.org/security/2022/dsa-5043
		https://www.oracle.com/security-alerts/cpuapr2022.html
		https://www.oracle.com/security-alerts/cpujul2022.html
1001885		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001885
2032569		https://bugzilla.redhat.com/show_bug.cgi?id=2032569
AVG-2629		https://security.archlinux.org/AVG-2629
cpe:2.3:a:lxml:lxml::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lxml:lxml::::::::
cpe:2.3:a:netapp:solidfire:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:netapp:solidfire_enterprise_sds:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_enterprise_sds:-:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
CVE-2021-43818		https://nvd.nist.gov/vuln/detail/CVE-2021-43818
GHSA-55x5-fj6c-h6m8		https://github.com/advisories/GHSA-55x5-fj6c-h6m8
RHSA-2022:1664		https://access.redhat.com/errata/RHSA-2022:1664
RHSA-2022:1763		https://access.redhat.com/errata/RHSA-2022:1763
RHSA-2022:1764		https://access.redhat.com/errata/RHSA-2022:1764
RHSA-2022:1821		https://access.redhat.com/errata/RHSA-2022:1821
RHSA-2022:1932		https://access.redhat.com/errata/RHSA-2022:1932
RHSA-2022:5498		https://access.redhat.com/errata/RHSA-2022:5498
USN-5225-1		https://usn.ubuntu.com/5225-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43818.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/lxml/lxml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-852.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43818

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43818

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43818

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.gentoo.org/glsa/202208-06

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20220107-0005

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N Found at https://www.debian.org/security/2022/dsa-5043

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpujul2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.74166
EPSS Score	0.00430
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.