5.6

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-c58j-88f5-h53f

GHSA-c58j-88f5-h53f: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares

Impact

pycares versions < 4.2.0 are affected by CVE-2021-3672.

Patches

Update to version 4.2.0.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-c58j-88f5-h53f

GHSA-c58j-88f5-h53f:

5.6

CVSS Score

3.1

-

CVSS Score

Basic Information

Is this CVE running in your environment?

Easily map the attack path and prioritize which CVEs are a threat to your organization

Validate Exposure

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pycares	pip	< 4.2.0	4.2.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided information references CVE-2021-3672 and CWE-79 (XSS) but lacks critical technical details such as commit diffs, patch specifics, or code examples. Pycares is a DNS resolution library, and XSS vulnerabilities in this context would typically involve improper handling of DNS response data (e.g., TXT records containing malicious payloads). However, the advisory does not explicitly identify which functions process or return untrusted DNS data without proper sanitization. The mention of NUL byte handling (CWE-158) suggests potential parsing flaws, but without concrete code references or patch details, specific vulnerable functions cannot be confidently determined.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

Vulnerability Intelligence
Miggo AI

Unlock WAF rules for this CVE

Generate vendor-ready rules for the observed attack patterns, plus reasoning and safe deployment guidance

Get WAF rules

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.