Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

CPENameOperatorVersion
debian_linuxeq10.0
babellt2.9.1

CPE	Name	Operator	Version
	debian_linux	eq	10.0
	babel	lt	2.9.1

References

github.com/python-babel/babel/pull/782

lists.debian.org/debian-lts-announce/2021/10/msg00018.html

lists.debian.org/debian-lts/2021/10/msg00040.html

www.debian.org/security/2021/dsa-5018

www.tenable.com/security/research/tra-2021-14

osv 11

openvas 11

github 1

nessus 31

amazon 2

photon 2

cbl_mariner 2

cvelist 1

nvd 1

cve 1

veracode 1

suse 2

redhatcve 1

ibm 6

alpinelinux 1

debiancve 1

rosalinux 1

debian 1

rocky 3

oraclelinux 3

redhat 9

ubuntucve 1

almalinux 3

osv

PYSEC-2021-421

2021-10-20 21:15:00

python-babel - security update

2021-12-09 00:00:00

python-babel - security update

2021-10-21 00:00:00

openvas

Debian: Security Advisory (DSA-5018-1)

2021-12-10 00:00:00

Huawei EulerOS: Security Advisory for babel (EulerOS-SA-2022-1367)

2022-04-13 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:3945-1)

2021-12-07 00:00:00

github

Directory Traversal in Babel

2021-10-21 17:49:59

nessus

EulerOS Virtualization 2.10.0 : babel (EulerOS-SA-2022-1393)

2022-04-18 00:00:00

AlmaLinux 8 : babel (ALSA-2021:4201)

2022-02-09 00:00:00

Rocky Linux 8 : babel (RLSA-2021:4201)

2023-11-07 00:00:00

amazon

Medium: python-babel

2023-03-30 22:50:00

Medium: babel

2023-03-30 18:56:00

photon

Important Photon OS Security Update - PHSA-2021-0123

2021-11-03 00:00:00

Important Photon OS Security Update - PHSA-2021-4.0-0123

2021-11-04 00:00:00

cbl_mariner

CVE-2021-42771 affecting package babel for versions less than 2.9.1-1

2022-04-09 06:51:57

CVE-2021-42771 affecting package babel 2.6.0-9

2021-11-06 00:29:51

cvelist

CVE-2021-42771

2021-10-20 20:05:35

nvd

CVE-2021-42771

2021-10-20 21:15:07

cve

CVE-2021-42771

2021-10-20 21:15:07

veracode

Directory Traversal

2021-10-21 04:31:28

suse

Security update for python-Babel (important)

2021-12-10 00:00:00

Security update for python-Babel (important)

2021-12-06 00:00:00

redhatcve

CVE-2021-42771

2021-10-22 17:14:16

ibm

Security Bulletin: CVE-2021-42771

2022-02-17 12:07:59

Security Bulletin: Vulnerability in babel affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2021-42771]

2024-03-13 07:42:33

Security Bulletin: High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)

2022-04-27 22:57:13

alpinelinux

CVE-2021-42771

2021-10-20 21:15:07

debiancve

CVE-2021-42771

2021-10-20 21:15:07

rosalinux

Advisory ROSA-SA-2023-2244

2023-10-10 09:49:57

debian

[SECURITY] [DLA 2790-1] python-babel security update

2021-10-21 09:56:09

rocky

babel security and bug fix update

2021-11-09 08:37:19

python27:2.7 security update

2021-11-09 08:24:39

python38:3.8 and python38-devel:3.8 security update

2021-11-09 12:47:54

oraclelinux

babel security and bug fix update

2021-11-16 00:00:00

python27:2.7 security update

2021-11-16 00:00:00

python38:3.8 and python38-devel:3.8 security update

2021-11-16 00:00:00

redhat

(RHSA-2021:4201) Moderate: babel security and bug fix update

2021-11-09 08:37:19

(RHSA-2021:4151) Moderate: python27:2.7 security update

2021-11-09 08:24:39

(RHSA-2021:3252) Moderate: python27 security update

2021-08-24 07:29:51

ubuntucve

CVE-2021-42771

2021-10-20 00:00:00

almalinux

Moderate: babel security and bug fix update

2021-11-09 08:37:19

Moderate: python27:2.7 security update

2021-11-09 08:24:39

Moderate: python38:3.8 and python38-devel:3.8 security update

2021-11-09 12:47:54

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.2%

JSON

Related for PRION:CVE-2021-42771