Arbitrary Code Execution

🗓️ 24 May 2021 09:29:59Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 31 Views

python3 vulnerability, improper IP address validation, arbitrary code execution ris

Reporter	Title	Published	Views	Family All 188
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)	20 May 202213:02	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore	28 Jun 202120:41	–	ibm
Tenable Nessus	Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-009)	27 Sep 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0262: python38:3.8 and python38-devel:3.8 (ALINUX3-SA-2024:0262)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : python39:3.9 and python39-devel:3.9 (CESA-2021:4160)	11 Nov 202100:00	–	nessus
Tenable Nessus	CentOS 8 : python38:3.8 and python38-devel:3.8 (CESA-2021:4162)	11 Nov 202100:00	–	nessus
Tenable Nessus	Debian dla-3980 : idle-python3.9 - security update	2 Dec 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2022-2740)	14 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2022-2775)	14 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2022-2828)	21 Dec 202200:00	–	nessus

Vulners

Node

devel develMatch3.9.0-5debian

AND

devel develMatch3.9.0~rc1-1build1debian

AND

devel develMatch3.9.0~b5-2debian

AND

devel develMatch3.9.2-1debian

AND

debian debian_linux

focal focalMatch3.9.0-5~20.04debian

AND

debian debian_linux

hirsute hirsuteMatch3.9.0-5debian

AND

hirsute hirsuteMatch3.9.2-1debian

AND

debian debian_linux

apache groovyMatch3.8.5-2ubuntu1debian

AND

apache groovyMatch3.8.5-2debian

AND

debian debian_linux

focal focalMatch3.8.5-1~20.04debian

AND

focal focalMatch3.8.2-1ubuntu1debian

AND

focal focalMatch3.8.2-1ubuntu1.2debian

AND

debian debian_linux

hirsute hirsuteMatch3.10.0~a4-2debian

AND

hirsute hirsuteMatch3.10.0~a2-1debian

AND

debian debian_linux

apache groovyMatch3.9.0~rc1-1build1debian

AND

apache groovyMatch3.9.0~b5-2debian

AND

apache groovyMatch3.9.0-5debian

AND

debian debian_linux

python3 python3Match3.8.2-r0os

AND

python3 python3Match3.8.2-r6os

AND

python3 python3Match3.9.4-r0os

AND

python3 python3Match3.8.8-r0os

AND

python3 python3Match3.8.2-r1os

AND

python3 python3Match3.8.7-r3os

AND

python3 python3Match3.8.2-r2os

AND

python3 python3Match3.8.3-r0os

AND

python3 python3Match3.8.2-r7os

AND

alpinelinux alpine_linuxMatchedge

python3.9 python3.9Match3.9.0-5debian

AND

debian debian_linuxMatch999

pypy3 pypy3Match7.3.5+dfsg-2debian

AND

pypy3 pypy3Match7.3.3+dfsg-1debian

AND

debian debian_linuxMatch999

python3.9 python3.9Match3.9.0-5debian

AND

debian debian_linuxMatch11

Source	Link
git	www.git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-29921
security	www.security.gentoo.org/glsa/202305-02
bugs	www.bugs.python.org/issue36384
docs	www.docs.python.org/3/library/ipaddress.html
github	www.github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
github	www.github.com/python/cpython/pull/12577
github	www.github.com/python/cpython/pull/25099
github	www.github.com/sickcodes
github	www.github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
python-security	www.python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html

03 May 2023 13:21Current

6Medium risk

Vulners AI Score6

CVSS 27.5

CVSS 3.19.8

EPSS0.02048