Description
Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-20095
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MORYINYUSYI6XLC4UKPRGGFD2WMO7GSM
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKXUEWVKU5WASYSAFXQP6SFSDOG773RV
- https://www.tenable.com/security/research/tra-2021-14
CVE ID
Defects
Related vulnerabilities
A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none
ELSA-2021-4201: babel security and bug fix update (MODERATE)