Open mend-for-github-com[bot] opened 3 years ago
Internationalization utilities
Library home page: https://files.pythonhosted.org/packages/b8/ad/c6f60602d3ee3d92fbed87675b6fb6a6f9a38c223343ababdb44ba201f10/Babel-2.6.0-py2.py3-none-any.whl
Path to dependency file: /docs/requirements.txt
Path to vulnerable library: /docs/requirements.txt
Dependency Hierarchy: - :x: **Babel-2.6.0-py2.py3-none-any.whl** (Vulnerable Library)
Found in HEAD commit: 8df0c9edde054463776fa58e88036ee2a783a41f
Found in base branch: master
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
Publish Date: 2021-10-20
URL: CVE-2021-42771
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771
Release Date: 2021-10-20
Fix Resolution: Babel - 2.9.1
:rescue_worker_helmet: Automatic Remediation is available for this issue
CVE-2021-42771 - High Severity Vulnerability
Internationalization utilities
Library home page: https://files.pythonhosted.org/packages/b8/ad/c6f60602d3ee3d92fbed87675b6fb6a6f9a38c223343ababdb44ba201f10/Babel-2.6.0-py2.py3-none-any.whl
Path to dependency file: /docs/requirements.txt
Path to vulnerable library: /docs/requirements.txt
Dependency Hierarchy: - :x: **Babel-2.6.0-py2.py3-none-any.whl** (Vulnerable Library)
Found in HEAD commit: 8df0c9edde054463776fa58e88036ee2a783a41f
Found in base branch: master
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
Publish Date: 2021-10-20
URL: CVE-2021-42771
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771
Release Date: 2021-10-20
Fix Resolution: Babel - 2.9.1
:rescue_worker_helmet: Automatic Remediation is available for this issue