vulnerability
Oracle Linux: CVE-2021-42771: ELSA-2021-4201: babel security and bug fix update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | 04/28/2021 | 11/17/2021 | 01/08/2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
04/28/2021
Added
11/17/2021
Modified
01/08/2025
Description
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
Solution(s)
oracle-linux-upgrade-python38oracle-linux-upgrade-python38-asn1cryptooracle-linux-upgrade-python38-atomicwritesoracle-linux-upgrade-python38-attrsoracle-linux-upgrade-python38-babeloracle-linux-upgrade-python38-cffioracle-linux-upgrade-python38-chardetoracle-linux-upgrade-python38-cryptographyoracle-linux-upgrade-python38-cythonoracle-linux-upgrade-python38-debugoracle-linux-upgrade-python38-develoracle-linux-upgrade-python38-idleoracle-linux-upgrade-python38-idnaoracle-linux-upgrade-python38-jinja2oracle-linux-upgrade-python38-libsoracle-linux-upgrade-python38-lxmloracle-linux-upgrade-python38-markupsafeoracle-linux-upgrade-python38-mod-wsgioracle-linux-upgrade-python38-more-itertoolsoracle-linux-upgrade-python38-numpyoracle-linux-upgrade-python38-numpy-docoracle-linux-upgrade-python38-numpy-f2pyoracle-linux-upgrade-python38-packagingoracle-linux-upgrade-python38-piporacle-linux-upgrade-python38-pip-wheeloracle-linux-upgrade-python38-pluggyoracle-linux-upgrade-python38-plyoracle-linux-upgrade-python38-psutiloracle-linux-upgrade-python38-psycopg2oracle-linux-upgrade-python38-psycopg2-docoracle-linux-upgrade-python38-psycopg2-testsoracle-linux-upgrade-python38-pyoracle-linux-upgrade-python38-pycparseroracle-linux-upgrade-python38-pymysqloracle-linux-upgrade-python38-pyparsingoracle-linux-upgrade-python38-pysocksoracle-linux-upgrade-python38-pytestoracle-linux-upgrade-python38-pytzoracle-linux-upgrade-python38-pyyamloracle-linux-upgrade-python38-requestsoracle-linux-upgrade-python38-rpm-macrosoracle-linux-upgrade-python38-scipyoracle-linux-upgrade-python38-setuptoolsoracle-linux-upgrade-python38-setuptools-wheeloracle-linux-upgrade-python38-sixoracle-linux-upgrade-python38-testoracle-linux-upgrade-python38-tkinteroracle-linux-upgrade-python38-urllib3oracle-linux-upgrade-python38-wcwidthoracle-linux-upgrade-python38-wheeloracle-linux-upgrade-python38-wheel-wheeloracle-linux-upgrade-python3-babel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.