PyPi: Glances

CVE-2021-23337

Transitive

Safety vulnerability ID: 40900

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 15, 2021 Updated at May 12, 2024

Advisory

Glances 3.2.0 updates its NPM dependency 'lodash' to fix a potential command injection vulnerability.
https://github.com/nicolargo/glances/commit/0448e3432f5d48185d4c9e2ecff8b801fcfabb9e

Affected package

glances

Latest version: 4.0.1

A cross-platform curses-based monitoring tool

Affected versions

Fixed versions

Vulnerability changelog

===============

Under Development.

See roadmap here ==> https://github.com/nicolargo/glances/milestone/49

This release is a major version (but with a minor version number because the API did not change). It focuses on
*CPU consumption*. I used `Flame profiling <https://github.com/nicolargo/glances/wiki/Glances-FlameGraph>`_
and code optimization to *reduce CPU consumption by 20% to 50%* depending on your system.

Enhancement and development requests:

* Improve CPU consumption
- Make the refresh rate configurable per plugin 1870
- Add caching for processing username and cmdline
- Correct and improve refresh time method
- Set refresh rate for global CPU percent
- Set the default refresh rate of system stats to 60 seconds
- Default refresh time for sensors is refresh rate * 2
- Improve history perf
- Change main curses loop
- Improve Docker client connection
- Update Flame profiling
* Get system sensors temperatures thresholds 1864
* Filter data exported from Docker plugin
* Make the Docker API connection timeout configurable
* Add --issue to Github issue template
* Add release-note in the Makefile
* Add some comments in cpu_percent
* Add some comments to the processlist.py
* Set minimal version for PSUtil to 5.3.0
* Add comment to default glances.conf file
* Improve code quality 820
* Update WebUI for security vuln

Bugs corrected:

* Quit from help should return to main screen, not exit 1874
* AttributeError: 'NoneType' object has no attribute 'current' 1875
* Merge pull request 1873 from metayan/fix-history-add
* Correct filter
* Correct Flake8 issue in plugins
* Pressing Q to get rid of irq not working 1792
* Spelling correction in docs 1886
* Starting an alias with a number causes a crash 1885
* Network interfaces not applying in web UI 1884
* Docker containers information missing with Docker 20.10.x 1878
* Get system sensors temperatures thresholds 1864

Contributors for this version:

* Nicolargo
* Markus Pöschl
* Clifford W. Hansen
* Blake
* Yan

===============

Resources


Severity Details

CVSS Base Score

HIGH 7.2

CVSS v3 Details

HIGH 7.2
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
HIGH
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Impact (A)
HIGH

CVSS v2 Details

MEDIUM 6.5
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
SINGLE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL