CVE-2021-42771
Description
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.13
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-42771 are fixed in Python-babel 2.9.1 | Windows |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-rpm-macros-3.8.8-4.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4201)Moderate: security and bug fix update python3-babel-2.5.1-7.el8.noarch.rpm | Linux |
| babel security and bug fix update (RLSA-2021:4201) python3-babel-2.5.1-7.el8.noarch.rpm | Linux |
| Python3-babel update (ELSA-2021-4201) python3-babel-2.5.1-7.el8.noarch.rpm | Linux |
| babel Security Update (ALAS-2023-2010) babel-0.9.6-8.amzn2.0.2.noarch.rpm | Linux |
| babel Security Update (ALAS-2023-2010) python-babel-0.9.6-8.amzn2.0.2.noarch.rpm | Linux |
| Moderate: babel security and bug fix update python3-babel-2.5.1-7.el8.noarch.rpm | Linux |
| babel Security Update (ALAS2-2023-2010) python-babel-0.9.6-8.amzn2.0.2.noarch.rpm | Linux |
| babel Security Update (ALAS2-2023-2010) babel-0.9.6-8.amzn2.0.2.noarch.rpm | Linux |
| Vulnerabilities CVE-2021-42771 are fixed in Python-babel for linux 2.9.1 | Linux |
| Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2021-42771) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234