Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-4189

Опубликовано: 24 авг. 2022
Источник: nvd
CVSS3: 5.3
EPSS Низкий

Описание

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 3.6.0 (включая) до 3.6.14 (исключая)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 3.7.0 (включая) до 3.7.11 (исключая)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 3.8.0 (включая) до 3.8.9 (исключая)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 3.9.0 (включая) до 3.9.3 (исключая)
cpe:2.3:a:python:python:3.10.0:-:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%
0.00414
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-252

Связанные уязвимости

ubuntu логотип

CVE-2021-4189

CVSS3: 5.3
ubuntu
почти 3 года назад

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

redhat логотип

CVE-2021-4189

CVSS3: 5.3
redhat
больше 3 лет назад

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

debian логотип

CVE-2021-4189

CVSS3: 5.3
debian
почти 3 года назад

A flaw was found in Python, specifically in the FTP (File Transfer Pro ...

github логотип

GHSA-67xf-xphq-9mcc

CVSS3: 5.3
github
почти 3 года назад

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

fstec логотип

BDU:2022-02303

CVSS3: 6.1
fstec
больше 3 лет назад

Уязвимость клиентской библиотеки FTP (File Transfer Protocol) интерпретатора языка программирования Python, позволяющая нарушителю выполнять SSRF-атаки

EPSS

Процентиль: 61%
0.00414
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-252