Fluid Attacks Database

Description

cross-site scripting

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	lxml	=4.6.3+dfsg-0.1 \|\| >=0 <4.6.3+dfsg-0.1+deb11u1	4.6.3+dfsg-0.1+deb11u1
debian 13	lxml	>=0 <4.7.1-1	4.7.1-1
debian 14	lxml	>=0 <4.7.1-1	4.7.1-1
alpine v3.16	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| =4.6.2-r0 \|\| =4.6.3-r0 \|\| =4.6.3-r1 \|\| =4.6.4-r0 \|\| >=0 <4.6.5-r0	4.6.5-r0
alpine v3.17	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| =4.6.2-r0 \|\| =4.6.3-r0 \|\| =4.6.3-r1 \|\| =4.6.4-r0 \|\| >=0 <4.6.5-r0	4.6.5-r0
alpine v3.18	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| =4.6.2-r0 \|\| =4.6.3-r0 \|\| =4.6.3-r1 \|\| =4.6.4-r0 \|\| >=0 <4.6.5-r0	4.6.5-r0
alpine v3.19	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| =4.6.2-r0 \|\| =4.6.3-r0 \|\| =4.6.3-r1 \|\| =4.6.4-r0 \|\| >=0 <4.6.5-r0	4.6.5-r0
alpine v3.20	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| =4.6.2-r0 \|\| =4.6.3-r0 \|\| =4.6.3-r1 \|\| =4.6.4-r0 \|\| >=0 <4.6.5-r0	4.6.5-r0
alpine v3.21	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| =4.6.2-r0 \|\| =4.6.3-r0 \|\| =4.6.3-r1 \|\| =4.6.4-r0 \|\| >=0 <4.6.5-r0	4.6.5-r0
alpine v3.22	py3-lxml	=2.2.6-r0 \|\| =2.2.8-r0 \|\| =2.2.8-r1 \|\| =2.3.4-r1 \|\| =2.3.5-r0 \|\| =3.1.0-r0 \|\| =3.2.3-r0 \|\| =3.3.2-r0 \|\| =3.4.0-r0 \|\| =3.4.4-r0 \|\| =3.5.0-r0 \|\| =3.6.0-r0 \|\| =3.6.0-r1 \|\| =3.6.4-r0 \|\| =3.7.1-r0 \|\| =3.7.2-r0 \|\| =3.7.2-r1 \|\| =3.8.0-r0 \|\| =4.0.0-r0 \|\| =4.1.0-r0 \|\| =4.1.0-r1 \|\| =4.1.1-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.3.2-r0 \|\| =4.3.3-r0 \|\| =4.3.3-r1 \|\| =4.3.4-r0 \|\| =4.4.0-r0 \|\| =4.4.1-r0 \|\| =4.4.1-r1 \|\| =4.4.1-r2 \|\| =4.4.1-r3 \|\| =4.4.2-r0 \|\| =4.4.3-r0 \|\| =4.5.0-r0 \|\| =4.5.1-r0 \|\| =4.5.2-r0 \|\| =4.6.0-r0 \|\| =4.6.1-r0 \|\| =4.6.2-r0 \|\| =4.6.3-r0 \|\| =4.6.3-r1 \|\| =4.6.4-r0 \|\| >=0 <4.6.5-r0	4.6.5-r0

1-10 of 19

Aliases

1. CVE-2021-438182. NVD-2021-438183. OSV-DEBIAN-2021-438184. OSV-2021-438185. OSV-ALPINE-2021-438186. GHSA-55x5-fj6c-h6m87. GCVE-2021-438188. SECURITY-TRACKER-CVE-2021-438189. SECURITY-CVE-2021-4381810. security.gentoo.org11. lists.debian.org

References

1. https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m82. https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a3. https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad7764. https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c05. https://www.oracle.com/security-alerts/cpujul2022.html6. https://www.oracle.com/security-alerts/cpuapr2022.html7. https://www.debian.org/security/2022/dsa-50438. https://security.netapp.com/advisory/ntap-20220107-00059. https://lists.fedoraproject.org/archives/list/[email protected]/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI4410. https://lists.fedoraproject.org/archives/list/[email protected]/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I711. https://lists.fedoraproject.org/archives/list/[email protected]/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V12. https://lists.fedoraproject.org/archives/list/[email protected]/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC713. https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-852.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.