CVE-2021-42771 (High) detected in Babel-2.7.0-py2.py3-none-any.whl #218
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-42771 - High Severity Vulnerability
Internationalization utilities
Library home page: https://files.pythonhosted.org/packages/2c/60/f2af68eb046c5de5b1fe6dd4743bf42c074f7141fe7b2737d3061533b093/Babel-2.7.0-py2.py3-none-any.whl
Path to dependency file: /asynql/docs/requirements.txt
Path to vulnerable library: /teSource-ArchiveExtractor_c7182848-0dc6-4a0a-8209-5c716eca17c9/20190619005844_75866/20190619005751_depth_0/4/Babel-2.7.0-py2.py3-none-any/babel
Dependency Hierarchy:
Found in base branch: master
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
Publish Date: 2021-10-20
URL: CVE-2021-42771
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771
Release Date: 2021-10-20
Fix Resolution: Babel - 2.9.1
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: