CVE-2021-42771 babel

Package

Manager: pip
Name: babel
Vulnerable Version: >=0 <2.9.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0013 (percentile: 0.33343)

Details

Directory Traversal in Babel

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Metadata

Created: 2021-10-21T17:49:59Z
Modified: 2024-09-12T20:56:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-h4m5-qpfp-3mpv/GHSA-h4m5-qpfp-3mpv.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-h4m5-qpfp-3mpv
Finding: F063
Auto approve: 1