CVE-2021-42771
N/A
N/A
Summary
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.tenable.com/security/research/tra-2021-14
- https://github.com/python-babel/babel/pull/782
- https://lists.debian.org/debian-lts/2021/10/msg00040.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html
- https://www.debian.org/security/2021/dsa-5018
References
- https://www.tenable.com/security/research/tra-2021-14
- https://github.com/python-babel/babel/pull/782
- https://lists.debian.org/debian-lts/2021/10/msg00040.html
- https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html
- https://www.debian.org/security/2021/dsa-5018
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.