vulnerability

Red Hat: CVE-2021-42771: CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (Multiple Advisories)

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Nov 9, 2021
Added
Nov 10, 2021
Modified
Jul 9, 2025

Description

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Solution(s)

no-fix-redhat-rpm-packageredhat-upgrade-babelredhat-upgrade-cython-debugsourceredhat-upgrade-numpy-debugsourceredhat-upgrade-python-cffi-debugsourceredhat-upgrade-python-coverage-debugsourceredhat-upgrade-python-cryptography-debugsourceredhat-upgrade-python-lxml-debugsourceredhat-upgrade-python-markupsafe-debugsourceredhat-upgrade-python-nose-docsredhat-upgrade-python-psutil-debugsourceredhat-upgrade-python-psycopg2-debuginforedhat-upgrade-python-psycopg2-debugsourceredhat-upgrade-python-psycopg2-docredhat-upgrade-python-pymongo-debuginforedhat-upgrade-python-pymongo-debugsourceredhat-upgrade-python-sqlalchemy-docredhat-upgrade-python2redhat-upgrade-python2-attrsredhat-upgrade-python2-babelredhat-upgrade-python2-backportsredhat-upgrade-python2-backports-ssl_match_hostnameredhat-upgrade-python2-bsonredhat-upgrade-python2-bson-debuginforedhat-upgrade-python2-chardetredhat-upgrade-python2-coverageredhat-upgrade-python2-coverage-debuginforedhat-upgrade-python2-cythonredhat-upgrade-python2-cython-debuginforedhat-upgrade-python2-debugredhat-upgrade-python2-debuginforedhat-upgrade-python2-debugsourceredhat-upgrade-python2-develredhat-upgrade-python2-dnsredhat-upgrade-python2-docsredhat-upgrade-python2-docs-inforedhat-upgrade-python2-docutilsredhat-upgrade-python2-funcsigsredhat-upgrade-python2-idnaredhat-upgrade-python2-ipaddressredhat-upgrade-python2-jinja2redhat-upgrade-python2-libsredhat-upgrade-python2-lxmlredhat-upgrade-python2-lxml-debuginforedhat-upgrade-python2-markupsaferedhat-upgrade-python2-mockredhat-upgrade-python2-noseredhat-upgrade-python2-numpyredhat-upgrade-python2-numpy-debuginforedhat-upgrade-python2-numpy-docredhat-upgrade-python2-numpy-f2pyredhat-upgrade-python2-pipredhat-upgrade-python2-pip-wheelredhat-upgrade-python2-pluggyredhat-upgrade-python2-psycopg2redhat-upgrade-python2-psycopg2-debugredhat-upgrade-python2-psycopg2-debug-debuginforedhat-upgrade-python2-psycopg2-debuginforedhat-upgrade-python2-psycopg2-testsredhat-upgrade-python2-pyredhat-upgrade-python2-pygmentsredhat-upgrade-python2-pymongoredhat-upgrade-python2-pymongo-debuginforedhat-upgrade-python2-pymongo-gridfsredhat-upgrade-python2-pymysqlredhat-upgrade-python2-pysocksredhat-upgrade-python2-pytestredhat-upgrade-python2-pytest-mockredhat-upgrade-python2-pytzredhat-upgrade-python2-pyyamlredhat-upgrade-python2-pyyaml-debuginforedhat-upgrade-python2-requestsredhat-upgrade-python2-rpm-macrosredhat-upgrade-python2-scipyredhat-upgrade-python2-scipy-debuginforedhat-upgrade-python2-setuptoolsredhat-upgrade-python2-setuptools-wheelredhat-upgrade-python2-setuptools_scmredhat-upgrade-python2-sixredhat-upgrade-python2-sqlalchemyredhat-upgrade-python2-testredhat-upgrade-python2-tkinterredhat-upgrade-python2-toolsredhat-upgrade-python2-urllib3redhat-upgrade-python2-virtualenvredhat-upgrade-python2-wheelredhat-upgrade-python2-wheel-wheelredhat-upgrade-python3-babelredhat-upgrade-python38redhat-upgrade-python38-asn1cryptoredhat-upgrade-python38-atomicwritesredhat-upgrade-python38-attrsredhat-upgrade-python38-babelredhat-upgrade-python38-cffiredhat-upgrade-python38-cffi-debuginforedhat-upgrade-python38-chardetredhat-upgrade-python38-cryptographyredhat-upgrade-python38-cryptography-debuginforedhat-upgrade-python38-cythonredhat-upgrade-python38-cython-debuginforedhat-upgrade-python38-debugredhat-upgrade-python38-debuginforedhat-upgrade-python38-debugsourceredhat-upgrade-python38-develredhat-upgrade-python38-idleredhat-upgrade-python38-idnaredhat-upgrade-python38-jinja2redhat-upgrade-python38-libsredhat-upgrade-python38-lxmlredhat-upgrade-python38-lxml-debuginforedhat-upgrade-python38-markupsaferedhat-upgrade-python38-markupsafe-debuginforedhat-upgrade-python38-mod_wsgiredhat-upgrade-python38-more-itertoolsredhat-upgrade-python38-numpyredhat-upgrade-python38-numpy-debuginforedhat-upgrade-python38-numpy-docredhat-upgrade-python38-numpy-f2pyredhat-upgrade-python38-packagingredhat-upgrade-python38-pipredhat-upgrade-python38-pip-wheelredhat-upgrade-python38-pluggyredhat-upgrade-python38-plyredhat-upgrade-python38-psutilredhat-upgrade-python38-psutil-debuginforedhat-upgrade-python38-psycopg2redhat-upgrade-python38-psycopg2-debuginforedhat-upgrade-python38-psycopg2-docredhat-upgrade-python38-psycopg2-testsredhat-upgrade-python38-pyredhat-upgrade-python38-pycparserredhat-upgrade-python38-pymysqlredhat-upgrade-python38-pyparsingredhat-upgrade-python38-pysocksredhat-upgrade-python38-pytestredhat-upgrade-python38-pytzredhat-upgrade-python38-pyyamlredhat-upgrade-python38-pyyaml-debuginforedhat-upgrade-python38-requestsredhat-upgrade-python38-rpm-macrosredhat-upgrade-python38-scipyredhat-upgrade-python38-scipy-debuginforedhat-upgrade-python38-setuptoolsredhat-upgrade-python38-setuptools-wheelredhat-upgrade-python38-sixredhat-upgrade-python38-testredhat-upgrade-python38-tkinterredhat-upgrade-python38-urllib3redhat-upgrade-python38-wcwidthredhat-upgrade-python38-wheelredhat-upgrade-python38-wheel-wheelredhat-upgrade-pyyaml-debugsourceredhat-upgrade-scipy-debugsource
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.