{"api_version":"1","generated_at":"2026-04-22T21:27:13+00:00","cve":"CVE-2021-43818","urls":{"html":"https://cve.report/CVE-2021-43818","api":"https://cve.report/api/cve/CVE-2021-43818.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-43818","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-43818"},"summary":{"title":"CVE-2021-43818","description":"lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2021-12-13 18:15:00","updated_at":"2023-11-07 03:39:00"},"problem_types":["CWE-79","CWE-74"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/","name":"FEDORA-2021-9f9e7c5c4f","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: mingw-python-lxml-4.6.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html","name":"[debian-lts-announce] 20211230 [SECURITY] [DLA 2871-1] lxml security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2871-1] lxml security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776","name":"https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776","refsource":"MISC","tags":[],"title":"Prepare release of 4.6.5. · lxml/lxml@a3eacbc · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/","name":"FEDORA-2022-96c79bf003","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: python-lxml-4.6.5-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/","name":"FEDORA-2022-7129fbaeed","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: python-lxml-4.6.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/","name":"FEDORA-2021-9f9e7c5c4f","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: mingw-python-lxml-4.6.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20220107-0005/","name":"https://security.netapp.com/advisory/ntap-20220107-0005/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-43818 lxml Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/","name":"FEDORA-2022-7129fbaeed","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: python-lxml-4.6.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0","name":"https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0","refsource":"MISC","tags":[],"title":"Cleaner: Remove SVG image data URLs since they can embed script content. · lxml/lxml@f233023 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202208-06","name":"GLSA-202208-06","refsource":"GENTOO","tags":[],"title":"lxml: Multiple Vulnerabilities (GLSA 202208-06) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5043","name":"DSA-5043","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5043-1 lxml","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a","name":"https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a","refsource":"MISC","tags":[],"title":"Cleaner: Prevent \"@import\" from re-occurring in the CSS after replace… · lxml/lxml@12fa966 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/","name":"FEDORA-2021-6e8fb79f90","refsource":"FEDORA","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8","name":"https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8","refsource":"CONFIRM","tags":[],"title":"HTML Cleaner allows crafted and SVG embedded scripts to pass through · Advisory · lxml/lxml · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/","name":"FEDORA-2022-96c79bf003","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: python-lxml-4.6.5-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/","name":"FEDORA-2021-6e8fb79f90","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: mingw-python-lxml-4.6.5-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-43818","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43818","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lxml","cpe5":"lxml","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_storage_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_storage_node_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_enterprise_sds","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_binding_support_function","cpe6":"22.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_network_exposure_function","cpe6":"22.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_policy","cpe6":"22.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"http_server","cpe6":"12.2.1.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"http_server","cpe6":"12.2.1.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43818","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"zfs_storage_appliance_kit","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-43818","qid":"159768","title":"Oracle Enterprise Linux Security Update for ol-automation-manager (ELSA-2022-9341)"},{"cve":"CVE-2021-43818","qid":"159797","title":"Oracle Enterprise Linux Security Update for python38:3.8 and python38-devel:3.8 (ELSA-2022-1764)"},{"cve":"CVE-2021-43818","qid":"159798","title":"Oracle Enterprise Linux Security Update for python-lxml (ELSA-2022-1932)"},{"cve":"CVE-2021-43818","qid":"159819","title":"Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2022-1821)"},{"cve":"CVE-2021-43818","qid":"159823","title":"Oracle Enterprise Linux Security Update for python39:3.9 and python39-devel:3.9 (ELSA-2022-1763)"},{"cve":"CVE-2021-43818","qid":"178981","title":"Debian Security Update for lxml (DLA 2871-1)"},{"cve":"CVE-2021-43818","qid":"178995","title":"Debian Security Update for lxml (DSA 5043-1)"},{"cve":"CVE-2021-43818","qid":"182874","title":"Debian Security Update for lxml (CVE-2021-43818)"},{"cve":"CVE-2021-43818","qid":"198628","title":"Ubuntu Security Notification for lxml Vulnerability (USN-5225-1)"},{"cve":"CVE-2021-43818","qid":"240259","title":"Red Hat Update for red hat software collections (RHSA-2022:1664)"},{"cve":"CVE-2021-43818","qid":"240287","title":"Red Hat Update for python38:3.8 and python38-devel:3.8 (RHSA-2022:1764)"},{"cve":"CVE-2021-43818","qid":"240302","title":"Red Hat Update for python27:2.7 (RHSA-2022:1821)"},{"cve":"CVE-2021-43818","qid":"240303","title":"Red Hat Update for python39:3.9 and python39-devel:3.9 (RHSA-2022:1763)"},{"cve":"CVE-2021-43818","qid":"240311","title":"Red Hat Update for python-lxml (RHSA-2022:1932)"},{"cve":"CVE-2021-43818","qid":"240566","title":"Red Hat Update for Satellite 6.11 Release (RHSA-2022:5498)"},{"cve":"CVE-2021-43818","qid":"282192","title":"Fedora Security Update for mingw (FEDORA-2021-9f9e7c5c4f)"},{"cve":"CVE-2021-43818","qid":"282193","title":"Fedora Security Update for mingw (FEDORA-2021-6e8fb79f90)"},{"cve":"CVE-2021-43818","qid":"282243","title":"Fedora Security Update for python (FEDORA-2022-96c79bf003)"},{"cve":"CVE-2021-43818","qid":"282273","title":"Fedora Security Update for python (FEDORA-2022-7129fbaeed)"},{"cve":"CVE-2021-43818","qid":"296062","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 43.113.3 Missing (CPUJAN2022)"},{"cve":"CVE-2021-43818","qid":"354350","title":"Amazon Linux Security Advisory for python-lxml : ALAS2022-2022-178"},{"cve":"CVE-2021-43818","qid":"354466","title":"Amazon Linux Security Advisory for python-lxml : ALAS2022-2022-074"},{"cve":"CVE-2021-43818","qid":"354762","title":"Amazon Linux Security Advisory for python-lxml : ALAS2-2023-1956"},{"cve":"CVE-2021-43818","qid":"354846","title":"Amazon Linux Security Advisory for python-lxml : ALAS-2023-1709"},{"cve":"CVE-2021-43818","qid":"355116","title":"Amazon Linux Security Advisory for python-lxml : ALAS2023-2023-034"},{"cve":"CVE-2021-43818","qid":"502167","title":"Alpine Linux Security Update for py3-lxml"},{"cve":"CVE-2021-43818","qid":"504331","title":"Alpine Linux Security Update for py3-lxml"},{"cve":"CVE-2021-43818","qid":"671392","title":"EulerOS Security Update for python-lxml (EulerOS-SA-2022-1336)"},{"cve":"CVE-2021-43818","qid":"671415","title":"EulerOS Security Update for python-lxml (EulerOS-SA-2022-1360)"},{"cve":"CVE-2021-43818","qid":"671450","title":"EulerOS Security Update for python-lxml (EulerOS-SA-2022-1456)"},{"cve":"CVE-2021-43818","qid":"671453","title":"EulerOS Security Update for python-lxml (EulerOS-SA-2022-1435)"},{"cve":"CVE-2021-43818","qid":"671529","title":"EulerOS Security Update for python-lxml (EulerOS-SA-2022-1494)"},{"cve":"CVE-2021-43818","qid":"671531","title":"EulerOS Security Update for python-lxml (EulerOS-SA-2022-1513)"},{"cve":"CVE-2021-43818","qid":"671662","title":"EulerOS Security Update for python-lxml (EulerOS-SA-2022-1758)"},{"cve":"CVE-2021-43818","qid":"710581","title":"Gentoo Linux lxml Multiple Vulnerabilities (GLSA 202208-06)"},{"cve":"CVE-2021-43818","qid":"751854","title":"SUSE Enterprise Linux Security Update for python-lxml (SUSE-SU-2022:0803-1)"},{"cve":"CVE-2021-43818","qid":"751858","title":"OpenSUSE Security Update for python-lxml (openSUSE-SU-2022:0803-1)"},{"cve":"CVE-2021-43818","qid":"751901","title":"SUSE Enterprise Linux Security Update for python-lxml (SUSE-SU-2022:0895-1)"},{"cve":"CVE-2021-43818","qid":"900418","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python-lxml (7021)"},{"cve":"CVE-2021-43818","qid":"901399","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python-lxml (7025-1)"},{"cve":"CVE-2021-43818","qid":"940499","title":"AlmaLinux Security Update for python27:2.7 (ALSA-2022:1821)"},{"cve":"CVE-2021-43818","qid":"940506","title":"AlmaLinux Security Update for python-lxml (ALSA-2022:1932)"},{"cve":"CVE-2021-43818","qid":"940508","title":"AlmaLinux Security Update for python39:3.9 and python39-devel:3.9 (ALSA-2022:1763)"},{"cve":"CVE-2021-43818","qid":"940557","title":"AlmaLinux Security Update for python38:3.8 and python38-devel:3.8 (ALSA-2022:1764)"},{"cve":"CVE-2021-43818","qid":"960252","title":"Rocky Linux Security Update for python38:3.8 and python38-devel:3.8 (RLSA-2022:1764)"},{"cve":"CVE-2021-43818","qid":"960259","title":"Rocky Linux Security Update for python27:2.7 (RLSA-2022:1821)"},{"cve":"CVE-2021-43818","qid":"960269","title":"Rocky Linux Security Update for python39:3.9 and python39-devel:3.9 (RLSA-2022:1763)"},{"cve":"CVE-2021-43818","qid":"960363","title":"Rocky Linux Security Update for python-lxml (RLSA-2022:1932)"},{"cve":"CVE-2021-43818","qid":"960505","title":"Rocky Linux Security Update for Satellite (RLSA-2022:5498)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2021-43818","STATE":"PUBLIC","TITLE":"HTML Cleaner allows crafted and SVG embedded scripts to pass through"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"lxml","version":{"version_data":[{"version_value":"< 4.6.5"}]}}]},"vendor_name":"lxml"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]},{"description":[{"lang":"eng","value":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]},"references":{"reference_data":[{"name":"https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8","refsource":"CONFIRM","url":"https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8"},{"name":"https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a","refsource":"MISC","url":"https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a"},{"name":"https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776","refsource":"MISC","url":"https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776"},{"name":"https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0","refsource":"MISC","url":"https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0"},{"refsource":"FEDORA","name":"FEDORA-2021-6e8fb79f90","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/"},{"refsource":"FEDORA","name":"FEDORA-2021-9f9e7c5c4f","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20211230 [SECURITY] [DLA 2871-1] lxml security update","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html"},{"refsource":"DEBIAN","name":"DSA-5043","url":"https://www.debian.org/security/2022/dsa-5043"},{"refsource":"FEDORA","name":"FEDORA-2022-96c79bf003","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/"},{"refsource":"FEDORA","name":"FEDORA-2022-7129fbaeed","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220107-0005/","url":"https://security.netapp.com/advisory/ntap-20220107-0005/"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"refsource":"GENTOO","name":"GLSA-202208-06","url":"https://security.gentoo.org/glsa/202208-06"}]},"source":{"advisory":"GHSA-55x5-fj6c-h6m8","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2021-12-13 18:15:00","lastModifiedDate":"2023-11-07 03:39:00","problem_types":["CWE-79","CWE-74"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*","versionEndExcluding":"4.6.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire_enterprise_sds:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"43818","Ordinal":"221352","Title":"CVE-2021-43818","CVE":"CVE-2021-43818","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"43818","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}