Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2021-42771: CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Red Hat: CVE-2021-42771: CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (Multiple Advisories)

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

11/09/2021

Created

11/11/2021

Added

11/10/2021

Modified

12/15/2023

Description

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Solution(s)

redhat-upgrade-babel
redhat-upgrade-cython-debugsource
redhat-upgrade-numpy-debugsource
redhat-upgrade-python-cffi-debugsource
redhat-upgrade-python-coverage-debugsource
redhat-upgrade-python-cryptography-debugsource
redhat-upgrade-python-lxml-debugsource
redhat-upgrade-python-markupsafe-debugsource
redhat-upgrade-python-nose-docs
redhat-upgrade-python-psutil-debugsource
redhat-upgrade-python-psycopg2-debuginfo
redhat-upgrade-python-psycopg2-debugsource
redhat-upgrade-python-psycopg2-doc
redhat-upgrade-python-pymongo-debuginfo
redhat-upgrade-python-pymongo-debugsource
redhat-upgrade-python-sqlalchemy-doc
redhat-upgrade-python2
redhat-upgrade-python2-attrs
redhat-upgrade-python2-babel
redhat-upgrade-python2-backports
redhat-upgrade-python2-backports-ssl_match_hostname
redhat-upgrade-python2-bson
redhat-upgrade-python2-bson-debuginfo
redhat-upgrade-python2-chardet
redhat-upgrade-python2-coverage
redhat-upgrade-python2-coverage-debuginfo
redhat-upgrade-python2-cython
redhat-upgrade-python2-cython-debuginfo
redhat-upgrade-python2-debug
redhat-upgrade-python2-debuginfo
redhat-upgrade-python2-debugsource
redhat-upgrade-python2-devel
redhat-upgrade-python2-dns
redhat-upgrade-python2-docs
redhat-upgrade-python2-docs-info
redhat-upgrade-python2-docutils
redhat-upgrade-python2-funcsigs
redhat-upgrade-python2-idna
redhat-upgrade-python2-ipaddress
redhat-upgrade-python2-jinja2
redhat-upgrade-python2-libs
redhat-upgrade-python2-lxml
redhat-upgrade-python2-lxml-debuginfo
redhat-upgrade-python2-markupsafe
redhat-upgrade-python2-mock
redhat-upgrade-python2-nose
redhat-upgrade-python2-numpy
redhat-upgrade-python2-numpy-debuginfo
redhat-upgrade-python2-numpy-doc
redhat-upgrade-python2-numpy-f2py
redhat-upgrade-python2-pip
redhat-upgrade-python2-pip-wheel
redhat-upgrade-python2-pluggy
redhat-upgrade-python2-psycopg2
redhat-upgrade-python2-psycopg2-debug
redhat-upgrade-python2-psycopg2-debug-debuginfo
redhat-upgrade-python2-psycopg2-debuginfo
redhat-upgrade-python2-psycopg2-tests
redhat-upgrade-python2-py
redhat-upgrade-python2-pygments
redhat-upgrade-python2-pymongo
redhat-upgrade-python2-pymongo-debuginfo
redhat-upgrade-python2-pymongo-gridfs
redhat-upgrade-python2-pymysql
redhat-upgrade-python2-pysocks
redhat-upgrade-python2-pytest
redhat-upgrade-python2-pytest-mock
redhat-upgrade-python2-pytz
redhat-upgrade-python2-pyyaml
redhat-upgrade-python2-pyyaml-debuginfo
redhat-upgrade-python2-requests
redhat-upgrade-python2-rpm-macros
redhat-upgrade-python2-scipy
redhat-upgrade-python2-scipy-debuginfo
redhat-upgrade-python2-setuptools
redhat-upgrade-python2-setuptools-wheel
redhat-upgrade-python2-setuptools_scm
redhat-upgrade-python2-six
redhat-upgrade-python2-sqlalchemy
redhat-upgrade-python2-test
redhat-upgrade-python2-tkinter
redhat-upgrade-python2-tools
redhat-upgrade-python2-urllib3
redhat-upgrade-python2-virtualenv
redhat-upgrade-python2-wheel
redhat-upgrade-python2-wheel-wheel
redhat-upgrade-python3-babel
redhat-upgrade-python38
redhat-upgrade-python38-asn1crypto
redhat-upgrade-python38-atomicwrites
redhat-upgrade-python38-attrs
redhat-upgrade-python38-babel
redhat-upgrade-python38-cffi
redhat-upgrade-python38-cffi-debuginfo
redhat-upgrade-python38-chardet
redhat-upgrade-python38-cryptography
redhat-upgrade-python38-cryptography-debuginfo
redhat-upgrade-python38-cython
redhat-upgrade-python38-cython-debuginfo
redhat-upgrade-python38-debug
redhat-upgrade-python38-debuginfo
redhat-upgrade-python38-debugsource
redhat-upgrade-python38-devel
redhat-upgrade-python38-idle
redhat-upgrade-python38-idna
redhat-upgrade-python38-jinja2
redhat-upgrade-python38-libs
redhat-upgrade-python38-lxml
redhat-upgrade-python38-lxml-debuginfo
redhat-upgrade-python38-markupsafe
redhat-upgrade-python38-markupsafe-debuginfo
redhat-upgrade-python38-mod_wsgi
redhat-upgrade-python38-more-itertools
redhat-upgrade-python38-numpy
redhat-upgrade-python38-numpy-debuginfo
redhat-upgrade-python38-numpy-doc
redhat-upgrade-python38-numpy-f2py
redhat-upgrade-python38-packaging
redhat-upgrade-python38-pip
redhat-upgrade-python38-pip-wheel
redhat-upgrade-python38-pluggy
redhat-upgrade-python38-ply
redhat-upgrade-python38-psutil
redhat-upgrade-python38-psutil-debuginfo
redhat-upgrade-python38-psycopg2
redhat-upgrade-python38-psycopg2-debuginfo
redhat-upgrade-python38-psycopg2-doc
redhat-upgrade-python38-psycopg2-tests
redhat-upgrade-python38-py
redhat-upgrade-python38-pycparser
redhat-upgrade-python38-pymysql
redhat-upgrade-python38-pyparsing
redhat-upgrade-python38-pysocks
redhat-upgrade-python38-pytest
redhat-upgrade-python38-pytz
redhat-upgrade-python38-pyyaml
redhat-upgrade-python38-pyyaml-debuginfo
redhat-upgrade-python38-requests
redhat-upgrade-python38-rpm-macros
redhat-upgrade-python38-scipy
redhat-upgrade-python38-scipy-debuginfo
redhat-upgrade-python38-setuptools
redhat-upgrade-python38-setuptools-wheel
redhat-upgrade-python38-six
redhat-upgrade-python38-test
redhat-upgrade-python38-tkinter
redhat-upgrade-python38-urllib3
redhat-upgrade-python38-wcwidth
redhat-upgrade-python38-wheel
redhat-upgrade-python38-wheel-wheel
redhat-upgrade-pyyaml-debugsource
redhat-upgrade-scipy-debugsource

References

DSA-5018
CVE-2021-42771
RHSA-2021:4151
RHSA-2021:4162
RHSA-2021:4201

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2021-42771: CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (Multiple Advisories)

Red Hat: CVE-2021-42771: CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.