vulnerability

Alpine Linux: CVE-2021-3426: Exposure of Sensitive Information to an Unauthorized Actor

Try Surface Command

Back to search

Severity

CVSS

(AV:A/AC:L/Au:S/C:P/I:N/A:N)

Published

May 20, 2021

Added

Aug 22, 2024

Modified

Jun 18, 2026

Description

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Solution

alpine-linux-upgrade-python3

References

CVE-2021-3426
https://attackerkb.com/topics/CVE-2021-3426
https://security.alpinelinux.org/vuln/CVE-2021-3426
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-26753
CWE-200
CWE-22
EUVD-EUVD-2021-26753

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report