Vulnerability details: VCID-wjdb-errb-17b6
Vulnerability ID VCID-wjdb-errb-17b6
Aliases CVE-2021-28957
GHSA-jq4v-f5q6-mjqq
PYSEC-2021-19
Summary insufficient validation
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28957.json
epss 0.00491 https://api.first.org/data/v1/epss?cve=CVE-2021-28957
epss 0.00533 https://api.first.org/data/v1/epss?cve=CVE-2021-28957
cvssv3.1 6.1 https://bugs.launchpad.net/lxml/+bug/1888153
generic_textual MODERATE https://bugs.launchpad.net/lxml/+bug/1888153
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.1 https://github.com/advisories/GHSA-jq4v-f5q6-mjqq
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-jq4v-f5q6-mjqq
generic_textual MODERATE https://github.com/advisories/GHSA-jq4v-f5q6-mjqq
cvssv3.1 6.1 https://github.com/lxml/lxml
generic_textual MODERATE https://github.com/lxml/lxml
cvssv3.1 6.1 https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
generic_textual MODERATE https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
cvssv3.1 6.1 https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999
generic_textual MODERATE https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999
cvssv3.1 6.1 https://github.com/lxml/lxml/pull/316
generic_textual MODERATE https://github.com/lxml/lxml/pull/316
cvssv3.1 6.1 https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270
generic_textual MODERATE https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-19.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-19.yaml
cvssv3.1 6.1 https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-28957
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28957
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-28957
cvssv3.1 6.1 https://pypi.org/project/lxml
generic_textual MODERATE https://pypi.org/project/lxml
archlinux Medium https://security.archlinux.org/AVG-1720
cvssv3.1 6.1 https://security.gentoo.org/glsa/202208-06
generic_textual MODERATE https://security.gentoo.org/glsa/202208-06
cvssv3.1 6.1 https://security.netapp.com/advisory/ntap-20210521-0004
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20210521-0004
cvssv3.1 6.1 https://www.debian.org/security/2021/dsa-4880
generic_textual MODERATE https://www.debian.org/security/2021/dsa-4880
cvssv3.1 6.1 https://www.oracle.com/security-alerts/cpuoct2021.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpuoct2021.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28957.json
https://api.first.org/data/v1/epss?cve=CVE-2021-28957
https://bugs.launchpad.net/lxml/+bug/1888153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/advisories/GHSA-jq4v-f5q6-mjqq
https://github.com/lxml/lxml
https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999
https://github.com/lxml/lxml/pull/316
https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270
https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-19.yaml
https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ
https://nvd.nist.gov/vuln/detail/CVE-2021-28957
https://pypi.org/project/lxml
https://security.gentoo.org/glsa/202208-06
https://security.netapp.com/advisory/ntap-20210521-0004
https://security.netapp.com/advisory/ntap-20210521-0004/
https://www.debian.org/security/2021/dsa-4880
https://www.oracle.com/security-alerts/cpuoct2021.html
1941534 https://bugzilla.redhat.com/show_bug.cgi?id=1941534
985643 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985643
AVG-1720 https://security.archlinux.org/AVG-1720
cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
RHSA-2021:4151 https://access.redhat.com/errata/RHSA-2021:4151
RHSA-2021:4158 https://access.redhat.com/errata/RHSA-2021:4158
RHSA-2021:4160 https://access.redhat.com/errata/RHSA-2021:4160
RHSA-2021:4162 https://access.redhat.com/errata/RHSA-2021:4162
USN-4896-1 https://usn.ubuntu.com/4896-1/
USN-4896-2 https://usn.ubuntu.com/4896-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28957.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://bugs.launchpad.net/lxml/+bug/1888153
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/advisories/GHSA-jq4v-f5q6-mjqq
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/pull/316
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-19.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-28957
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-28957
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://pypi.org/project/lxml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://security.gentoo.org/glsa/202208-06
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20210521-0004
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.debian.org/security/2021/dsa-4880
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.64651
EPSS Score 0.00491
Published At July 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T11:54:29.083268+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-1720 36.1.3