Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:4151
HistoryNov 09, 2021 - 8:24 a.m.

(RHSA-2021:4151) Moderate: python27:2.7 security update

2021-11-0908:24:39
access.redhat.com
48

0.01 Low

EPSS

Percentile

83.3%

JSON

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

  • python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)

  • python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

  • python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

  • python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)

  • python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

  • python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanynoarchpython2-backports-ssl_match_hostname< 3.5.0.1-12.module+el8.4.0+9193+f3daf6efpython2-backports-ssl_match_hostname-3.5.0.1-12.module+el8.4.0+9193+f3daf6ef.noarch.rpm
RedHatanynoarchpython2-setuptools_scm< 1.15.7-6.module+el8.1.0+3111+de3f2d8epython2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
RedHatanyaarch64python2-pymongo-gridfs< 3.7.0-1.module+el8.5.0+10264+e5753a40python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
RedHatanyaarch64python2-pyyaml-debuginfo< 3.12-16.module+el8.1.0+3111+de3f2d8epython2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
RedHatanyppc64lepython-psycopg2-doc< 2.7.5-7.module+el8.1.0+3111+de3f2d8epython-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHatanyaarch64numpy-debugsource< 1.14.2-16.module+el8.4.0+9406+221a4565numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
RedHatanyaarch64python2-debuginfo< 2.7.18-7.module+el8.5.0+12203+77770ab7python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
RedHatanyaarch64python2-sqlalchemy< 1.3.2-2.module+el8.3.0+6647+8d010749python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.aarch64.rpm
RedHatanyx86_64python2-libs< 2.7.18-7.module+el8.5.0+12203+77770ab7python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
RedHatanyppc64lepython2-scipy-debuginfo< 1.0.0-21.module+el8.5.0+10858+05337455python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm
Rows per page:
1-10 of 2221

Related

osv 25
nessus 65
almalinux 6
oraclelinux 6
rocky 7
redhat 8
openvas 36
debian 1
fedora 4
freebsd 1
ubuntucve 4
ubuntu 3
github 3
alpinelinux 2
prion 4
gitlab 1
ibm 1
redhatcve 1
nvd 2
cve 2
suse 2
veracode 2
cbl_mariner 1
cvelist 3
photon 1
amazon 1
debiancve 2
mageia 2
gentoo 2
archlinux 1
osv
osv
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
nessus
nessus
CentOS 8 : python27:2.7 (CESA-2021:4151)
2021-11-11 00:00:00
RHEL 8 : python27:2.7 (RHSA-2021:4151)
2021-11-11 00:00:00
Oracle Linux 8 : python27:2.7 (ELSA-2021-4151)
2021-12-10 00:00:00
almalinux
almalinux
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
oraclelinux
oraclelinux
python27:2.7 security update
2021-11-16 00:00:00
babel security and bug fix update
2021-11-16 00:00:00
python36:3.6 security and bug fix update
2021-11-16 00:00:00
rocky
rocky
python27:2.7 security update
2021-11-09 08:24:39
python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
python36:3.6 security and bug fix update
2021-11-09 08:24:37
redhat
redhat
(RHSA-2021:3252) Moderate: python27 security update
2021-08-24 07:29:51
(RHSA-2021:4201) Moderate: babel security and bug fix update
2021-11-09 08:37:19
(RHSA-2021:4162) Moderate: python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
openvas
openvas
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-1887)
2021-05-19 00:00:00
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-2441)
2021-09-15 00:00:00
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-2054)
2021-07-01 00:00:00
debian
debian
[SECURITY] [DLA 2790-1] python-babel security update
2021-10-21 09:56:09
fedora
fedora
[SECURITY] Fedora 34 Update: python2.7-2.7.18-11.fc34
2021-05-29 01:06:40
[SECURITY] Fedora 33 Update: python2.7-2.7.18-11.fc33
2021-05-29 01:17:31
[SECURITY] Fedora 33 Update: mingw-python-jinja2-2.11.3-1.fc33
2021-03-15 01:19:56
freebsd
freebsd
py-pygments -- multiple DoS vulnerabilities
2021-03-17 00:00:00
ubuntucve
ubuntucve
CVE-2021-42771
2021-10-20 00:00:00
CVE-2021-28957
2021-03-21 00:00:00
CVE-2020-27619
2020-10-22 00:00:00
ubuntu
ubuntu
Pygments vulnerabilities
2023-08-14 00:00:00
Jinja2 vulnerability
2022-10-26 00:00:00
Babel vulnerability
2021-05-19 00:00:00
github
github
lxml vulnerable to Cross-Site Scripting
2021-03-22 16:53:53
Directory Traversal in Babel
2021-10-21 17:49:59
Regular Expression Denial of Service (ReDoS) in Jinja2
2021-03-19 21:28:05
alpinelinux
alpinelinux
CVE-2021-28957
2021-03-21 05:15:13
CVE-2020-28493
2021-02-01 20:15:12
prion
prion
Cross site scripting
2021-03-21 05:15:00
Directory traversal
2021-10-20 21:15:00
Design/Logic Flaw
2020-10-22 03:16:00
gitlab
gitlab
Regular Expression Denial of Service
2021-02-01 00:00:00
ibm
ibm
Security Bulletin: IBM Security QRadar Network Threat Analytics uses component jinja2 with a denial of service vulnerability (CVE-2020-28493)
2022-09-16 15:41:17
redhatcve
redhatcve
CVE-2020-28493
2021-02-15 12:33:42
nvd
nvd
CVE-2020-28493
2021-02-01 20:15:12
CVE-2021-42771
2021-10-20 21:15:07
cve
cve
CVE-2020-28493
2021-02-01 20:15:12
CVE-2021-42771
2021-10-20 21:15:07
suse
suse
Security update for python-Babel (important)
2021-12-10 00:00:00
Security update for python-Pygments (important)
2021-10-31 00:00:00
veracode
veracode
Directory Traversal
2021-10-21 04:31:28
Regular Expression Denial Of Service (ReDoS)
2021-02-02 01:28:40
cbl_mariner
cbl_mariner
CVE-2021-42771 affecting package babel for versions less than 2.9.1-1
2022-04-09 06:51:57
cvelist
cvelist
CVE-2021-42771
2021-10-20 20:05:35
CVE-2021-20270
2021-03-23 16:40:22
CVE-2020-27619
2020-10-22 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0123
2021-11-03 00:00:00
amazon
amazon
Medium: python-babel
2023-03-30 22:50:00
debiancve
debiancve
CVE-2020-27619
2020-10-22 03:16:31
CVE-2020-28493
2021-02-01 20:15:12
mageia
mageia
Updated python3 packages fix security vulnerability
2020-12-29 14:57:17
Updated python-babel packages fix a security vulnerability
2021-06-18 22:24:28
gentoo
gentoo
GNAT Ada Suite: Remote Code Execution
2024-02-03 00:00:00
Jinja: Denial of service
2021-07-08 00:00:00
archlinux
archlinux
[ASA-202102-19] python-jinja: denial of service
2021-02-07 00:00:00

0.01 Low

EPSS

Percentile

83.3%

JSON
Related for RHSA-2021:4151
osv25nessus65almalinux6oraclelinux6rocky7redhat8openvas36debian1fedora4freebsd1ubuntucve4ubuntu3github3alpinelinux2prion4gitlab1ibm1redhatcve1nvd2cve2suse2veracode2cbl_mariner1cvelist3photon1amazon1debiancve2mageia2gentoo2archlinux1