Description
Directory Traversal in Babel
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-42771
- https://github.com/python-babel/babel/pull/782
- https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3
- https://github.com/advisories/GHSA-h4m5-qpfp-3mpv
- https://github.com/pypa/advisory-database/tree/main/vulns/babel/PYSEC-2021-421.yaml
- https://github.com/python-babel/babel
- https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html
- https://lists.debian.org/debian-lts/2021/10/msg00040.html
- https://www.debian.org/security/2021/dsa-5018
- https://www.tenable.com/security/research/tra-2021-14
Packages
babel
< 2.9.1
2.9.1