PT-2021-23681 · Babel+8

Chris Lyne · Published 2021-04-28 · Updated 2025-10-15 · CVE-2021-42771

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Babel versions prior to 2.9.1

Description: Babel.Locale does not properly validate input containing directory traversal sequences when locating locale .dat files. An attacker can use directory traversal to load arbitrary locale .dat files, which contain serialized Python objects, leading to code execution.

Recommendations: For versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to locale .dat files to minimize the risk of exploitation.
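
For applications that pass user-influenced locale identifiers to a library and cannot upgrade immediately, a caller-side check can refuse identifiers that do not resolve to a file directly inside the locale-data directory. This is an added example, not Babel's code or its fix; the identifier pattern, the function names and the directory layout are assumptions.

```python
import os
import re
import tempfile

# Assumption: accept only identifiers shaped like en, en_US, zh_Hans_CN.
_LOCALE_ID = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8}){0,3}")


def safe_locale_dat_path(identifier, data_dir):
    """Return the path of <identifier>.dat inside data_dir, or raise ValueError."""
    if not isinstance(identifier, str) or not _LOCALE_ID.fullmatch(identifier):
        raise ValueError("rejected locale identifier: %r" % (identifier,))
    root = os.path.realpath(data_dir)
    candidate = os.path.realpath(os.path.join(root, identifier + ".dat"))
    # Containment check: the resolved file must sit directly in the data
    # directory, which also catches symlinks that point elsewhere.
    if os.path.dirname(candidate) != root:
        raise ValueError("locale file resolves outside %s" % root)
    if not os.path.isfile(candidate):
        raise ValueError("unknown locale: %r" % (identifier,))
    return candidate


def audit(identifiers, data_dir):
    """Map each identifier to 'ok' or the reason it was refused."""
    results = {}
    for ident in identifiers:
        try:
            safe_locale_dat_path(ident, data_dir)
            results[ident] = "ok"
        except ValueError as exc:
            results[ident] = str(exc)
    return results


def demo():
    # Constructed sample: a throwaway locale-data directory and a file outside it.
    with tempfile.TemporaryDirectory() as tmp:
        data_dir = os.path.join(tmp, "locale-data")
        os.mkdir(data_dir)
        for name in ("en_US.dat", "de.dat"):
            open(os.path.join(data_dir, name), "wb").close()
        open(os.path.join(tmp, "outside.dat"), "wb").close()
        samples = ["en_US", "de", "../outside", "en_US/../../outside", "fr_FR"]
        return audit(samples, data_dir)


if __name__ == "__main__":
    for ident, verdict in demo().items():
        print("%-22s %s" % (ident, verdict))
```

The check belongs at the point where the identifier enters the application (request parameter, header, cookie), before any locale object is constructed from it.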

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALSA-2021:4151
ALSA-2021:4162
ALSA-2021:4201
ALT-PU-2021-2513
ALT-PU-2024-8948
AZL-6325
BDU:2025-02668
CESA-2021_4151
CESA-2021_4162
CESA-2021_4201
CVE-2021-42771
DLA-2790-1
DSA-5018-1
GHSA-H4M5-QPFP-3MPV
INFSA-2021_4201
OPENSUSE-SU-2021:1553-1
OPENSUSE-SU-2021:3945-1
OPENSUSE-SU-2021_1553-1
OPENSUSE-SU-2021_3945-1
OPENSUSE-SU-2024:11602-1
OPENSUSE-SU-2024:14127-1
PYSEC-2021-421
RHSA-2021:3252
RHSA-2021:3254
RHSA-2021:4151
RHSA-2021:4162
RHSA-2021:4201
RHSA-2021_4151
RHSA-2021_4162
RHSA-2021_4201
RLSA-2021:4151
RLSA-2021:4162
RLSA-2021:4201
SUSE-SU-2021:3945-1
SUSE-SU-2021:4161-1
SUSE-SU-2021_3945-1
SUSE-SU-2021_4161-1
SUSE-SU-2022:0028-1
SUSE-SU-2022:0029-1
SUSE-SU-2022:3590-1
SUSE-SU-2022_3590-1

Affected Products

Alt Linux
AlmaLinux
Astra Linux
Babel
CentOS
Red Hat
RED OS
Rocky Linux
SUSE