Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-4189

Опубликовано: 21 дек. 2021
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6pythonOut of support scope
Red Hat Enterprise Linux 7pythonOut of support scope
Red Hat Enterprise Linux 7python3Out of support scope
Red Hat Enterprise Linux 8python36:3.6/python36Not affected
Red Hat Enterprise Linux 8python38:3.8/python38Not affected
Red Hat Enterprise Linux 8python39:3.9/python39Not affected
Red Hat Enterprise Linux 8python27FixedRHSA-2022:182110.05.2022
Red Hat Enterprise Linux 8python3FixedRHSA-2022:198610.05.2022
Red Hat Enterprise Linux 8python3FixedRHSA-2022:198610.05.2022
Red Hat Software Collections for Red Hat Enterprise Linux 7rh-python38-babelFixedRHSA-2021:325424.08.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-252
https://bugzilla.redhat.com/show_bug.cgi?id=2036020python: ftplib should not use the host from the PASV response

EPSS

Процентиль: 54%
0.00311
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-4189

CVSS3: 5.3
ubuntu
почти 3 года назад

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

nvd логотип

CVE-2021-4189

CVSS3: 5.3
nvd
почти 3 года назад

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

debian логотип

CVE-2021-4189

CVSS3: 5.3
debian
почти 3 года назад

A flaw was found in Python, specifically in the FTP (File Transfer Pro ...

github логотип

GHSA-67xf-xphq-9mcc

CVSS3: 5.3
github
почти 3 года назад

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

fstec логотип

BDU:2022-02303

CVSS3: 6.1
fstec
больше 3 лет назад

Уязвимость клиентской библиотеки FTP (File Transfer Protocol) интерпретатора языка программирования Python, позволяющая нарушителю выполнять SSRF-атаки

EPSS

Процентиль: 54%
0.00311
Низкий

5.3 Medium

CVSS3