PT-2021-6846 · Python+11

Confd0 · Published 2021-04-05 · Updated 2026-05-13 · CVE-2021-4189

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Python (affected versions not specified)

Description

The issue is in Python's FTP client library when it operates in PASV (passive) mode: by default, the library trusts the host address returned in the server's PASV response. An attacker who sets up a malicious FTP server can therefore trick FTP clients into connecting back to a given IP address and port, potentially causing the FTP client to scan ports.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
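A check a client can apply to the PASV behaviour described above, shown as an added example that is not code from Python's FTP library or from this advisory: it takes only the port from the 227 reply and connects back to the control connection's peer, flagging any mismatch. The function names and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re

# A 227 reply carries six comma-separated decimal fields: h1,h2,h3,h4,p1,p2.
_PASV_RE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_pasv(reply: str) -> tuple[str, int]:
    """Return the (host, port) advertised in a '227 Entering Passive Mode' reply."""
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV reply: {reply!r}")
    match = _PASV_RE.search(reply)
    if match is None:
        raise ValueError(f"no address in PASV reply: {reply!r}")
    fields = [int(n) for n in match.groups()]
    if any(n > 255 for n in fields):
        raise ValueError(f"field out of range in PASV reply: {reply!r}")
    host = ".".join(str(n) for n in fields[:4])
    port = (fields[4] << 8) + fields[5]
    return host, port


def data_endpoint(reply: str, control_peer: str) -> tuple[str, int, bool]:
    """Pick the address for the data connection.

    Only the port is taken from the server's reply; the host is always the
    peer of the control connection. The third element reports whether the
    advertised host differed, so the caller can log or alert on it.
    """
    advertised, port = parse_pasv(reply)
    mismatch = ipaddress.ip_address(advertised) != ipaddress.ip_address(control_peer)
    return control_peer, port, mismatch


# Constructed sample replies (documentation and private address ranges).
SAMPLES = [
    ("227 Entering Passive Mode (203,0,113,10,195,80).", "203.0.113.10"),
    ("227 Entering Passive Mode (10,0,0,5,0,22).", "203.0.113.10"),
]

if __name__ == "__main__":
    for reply, peer in SAMPLES:
        host, port, mismatch = data_endpoint(reply, peer)
        note = "MISMATCH: advertised host ignored" if mismatch else "ok"
        print(f"connect {host}:{port}  [{note}]")
```

A mismatch between the advertised host and the control peer is worth logging on the client side, since a well-behaved server on a directly reachable address normally advertises its own address.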

Unchecked Return Value

SSRF

Weakness Enumeration

Related Identifiers

ALSA-2022:1821
ALSA-2022:1986
ALT-PU-2021-1596
ALT-PU-2021-2653
ALT-PU-2022-1209
ALT-PU-2022-1471
ALT-PU-2022-3044
ALT-PU-2023-4581
ALT-PU-2024-3474
BDU:2022-02303
BIT-LIBPYTHON-2021-4189
BIT-PYTHON-2021-4189
BIT-PYTHON-MIN-2021-4189
CESA-2022_1821
CESA-2022_1986
CVE-2021-4189
DLA-2919-1
DLA-3432-1
DLA-3477-1
DLA-3980-1
MGASA-2022-0367
OESA-2022-1566
OPENSUSE-SU-2022:1091-1
OPENSUSE-SU-2022_1091-1
OPENSUSE-SU-2024:11835-1
RHSA-2021:3254
RHSA-2022:1663
RHSA-2022:1821
RHSA-2022:1986
RHSA-2022_1821
RHSA-2022_1986
RLSA-2022:1821
SUSE-SU-2022:0882-1
SUSE-SU-2022:1091-1
SUSE-SU-2022:1140-1
SUSE-SU-2022_0882-1
SUSE-SU-2022_1140-1
USN-5342-1
USN-5342-2
USN-6891-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Python
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu