CVE-2021-42771

🗓️ 22 Oct 2021 17:14:16Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 51 Views

A flaw in python-babel allows local attacker to trick application into loading files outside intended directory

Reporter	Title	Published	Views	Family All 145
IBM Security Bulletins	Security Bulletin: CVE-2021-42771	17 Feb 202212:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Babel affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2021-42771]	26 Apr 202519:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in babel affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2021-42771]	13 Mar 202407:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities in multiple Open Source Software (OSS) components	5 Feb 202418:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	19 Jan 202313:54	–	ibm
IBM Security Bulletins	Security Bulletin: High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)	27 Apr 202222:57	–	ibm
Tenable Nessus	Amazon Linux 2 : babel (ALAS-2023-2010)	5 Apr 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python-babel (ALAS-2023-1720)	6 Apr 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0085: babel (ALINUX3-SA-2022:0085)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0261: Moderate: python27:2.7 (ALINUX3-SA-2024:0261)	14 May 202500:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-42771
tenable	www.tenable.com/security/research/tra-2021-14
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

20 Apr 2024 04:18Current

4.4Medium risk

Vulners AI Score4.4

CVSS 27.2

CVSS 3.17.8

EPSS0.00169

python-babel path traversal vulnerability locale data data confidentiality integrity service availability