glances@3.2.0 vulnerabilities

A cross-platform curses-based monitoring tool

Direct Vulnerabilities

Known vulnerabilities in the glances package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Information Exposure

Glances is a cross-platform curses-based monitoring tool.

Affected versions of this package are vulnerable to Information Exposure via several logging instances in the glances_mongodb.py component.

How to fix Information Exposure?

Upgrade Glances to version 3.4.0 or higher.

Vulnerable versions: [,3.4.0)
  • M
Information Exposure

Glances is a cross-platform curses-based monitoring tool.

Affected versions of this package are vulnerable to Information Exposure due to logging of passwords in the load method of the GlancesPasswordList class. Exploiting this vulnerability could potentially give a local user the ability to view all passwords stored by Glances.

How to fix Information Exposure?

Upgrade Glances to version 3.2.5 or higher.

Vulnerable versions: [,3.2.5)
  • M
Insecure Defaults

Glances is a cross-platform curses-based monitoring tool.

Affected versions of this package are vulnerable to Insecure Defaults in the glances_ip.py plugin, as it relies on a malicious site domain used for retrieving machines' public IP addresses.

How to fix Insecure Defaults?

Upgrade Glances to version 3.2.5 or higher.

Vulnerable versions: [,3.2.5)
  • M
XML External Entity (XXE) Injection

Glances is a cross-platform curses-based monitoring tool.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.

How to fix XML External Entity (XXE) Injection?

Upgrade Glances to version 3.2.1 or higher.

Vulnerable versions: [,3.2.1)