CVE-2021-29921

🗓️ 06 May 2021 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 11 Media mentions👁 5102 Views

Python ipaddress library vulnerability in handling leading zero characters in IP address string, allowing bypass of access control based on IP addresse

Reporter	Title	Published	Views	Family All 189
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)	20 May 202213:02	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore	28 Jun 202120:41	–	ibm
Tenable Nessus	Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-009)	27 Sep 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0262: python38:3.8 and python38-devel:3.8 (ALINUX3-SA-2024:0262)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : python39:3.9 and python39-devel:3.9 (CESA-2021:4160)	11 Nov 202100:00	–	nessus
Tenable Nessus	CentOS 8 : python38:3.8 and python38-devel:3.8 (CESA-2021:4162)	11 Nov 202100:00	–	nessus
Tenable Nessus	Debian dla-3980 : idle-python3.9 - security update	2 Dec 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2022-2740)	14 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2022-2775)	14 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2022-2828)	21 Dec 202200:00	–	nessus

NVD

Node

python pythonRange3.8.0–3.8.12

python pythonRange3.9.0–3.9.5

Node

oracle communications_cloud_native_core_automated_test_suiteMatch1.8.0

oracle communications_cloud_native_core_binding_support_functionMatch1.11.0

oracle communications_cloud_native_core_network_slice_selection_functionMatch1.8.0

oracle graalvmMatch20.3.2enterprise

oracle graalvmMatch21.1.0enterprise

oracle zfs_storage_appliance_kitMatch8.8

Source	Link
github	www.github.com/sickcodes
oracle	www.oracle.com//security-alerts/cpujul2021.html
github	www.github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
oracle	www.oracle.com/security-alerts/cpuapr2022.html
github	www.github.com/python/cpython/pull/12577
github	www.github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
sick	www.sick.codes/sick-2021-014
security	www.security.gentoo.org/glsa/202305-02
python-security	www.python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
docs	www.docs.python.org/3/library/ipaddress.html

03 Nov 2025 22:15Current

9.3High risk

Vulners AI Score9.3

CVSS 27.5

CVSS 3.19.8

EPSS0.02048