Описание
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. The highest threat from this vulnerability is to data integrity and system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | python-ipaddress | Not affected | ||
| Red Hat Enterprise Linux 7 | python-pip | Not affected | ||
| Red Hat Enterprise Linux 8 | python27:2.7/python-ipaddress | Not affected | ||
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Not affected | ||
| Red Hat Software Collections | python27-python-pip | Not affected | ||
| Red Hat Software Collections | rh-python36-python | Not affected | ||
| Red Hat Enterprise Linux 8 | python39 | Fixed | RHSA-2021:4160 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | python39-devel | Fixed | RHSA-2021:4160 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | python38 | Fixed | RHSA-2021:4162 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | python38-devel | Fixed | RHSA-2021:4162 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.1 Critical
CVSS3
Связанные уязвимости
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
In Python before 3,9,5, the ipaddress library mishandles leading zero ...
EPSS
9.1 Critical
CVSS3