Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal leading to code execution.

🗓️ 26 Oct 2021 07:00:00Reported by MicrosoftType

Babel.Locale before 2.9.1 allows directory traversal to load arbitrary locale.dat and execute code.

Reporter	Title	Published	Views	Family All 144
IBM Security Bulletins	Security Bulletin: CVE-2021-42771	17 Feb 202212:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Babel affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2021-42771]	26 Apr 202519:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in babel affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2021-42771]	13 Mar 202407:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in multiple Open Source Software (OSS) components	5 Feb 202418:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	19 Jan 202313:54	–	ibm
IBM Security Bulletins	Security Bulletin: High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)	27 Apr 202222:57	–	ibm
Tenable Nessus	Amazon Linux 2 : babel (ALAS-2023-2010)	5 Apr 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python-babel (ALAS-2023-1720)	6 Apr 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0085: babel (ALINUX3-SA-2022:0085)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0261: Moderate: python27:2.7 (ALINUX3-SA-2024:0261)	14 May 202500:00	–	nessus