Lucene search

CBL MarinerCBLMARINER:6808

HistoryApr 26, 2022 - 7:57 p.m.

CVE-2021-28957 affecting package python-lxml for versions less than 4.8.0-1

2022-04-2619:57:36

CBL Mariner

cve-2021-28957

python-lxml

package version

unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

CVE-2021-28957 affecting package python-lxml for versions less than 4.8.0-1. An upgraded version of the package is available that resolves this issue.

OSVersionArchitecturePackageVersionFilename
CBL-Mariner2.0allpython-lxml< 4.8.0-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
CBL-Mariner	2.0	all	python-lxml	< 4.8.0-1	UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

Related for CBLMARINER:6808