CVE-2021-42771

Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42771.json

Aliases

Published

2021-10-20T21:15:00Z

Modified

2023-08-31T02:29:38.615519Z

Details

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

References

Affected packages

Alpine:v3.16 / py3-babel

Source Details

Package Name: py3-babel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.9.1-r0

Affected versions

1.*

1.3-r0

2.*

2.1.1-r0

2.3.4-r0

2.3.4-r1

2.3.4-r2

2.4.0-r0

2.5.0-r0

2.5.1-r0

2.5.3-r0

2.6.0-r0

2.6.0-r1

2.7.0-r0

2.7.0-r1

2.7.0-r2

2.8.0-r0

2.8.0-r1

2.8.0-r2

2.8.0-r3

Alpine:v3.17 / py3-babel

Source Details

Package Name: py3-babel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.9.1-r0

Affected versions

1.*

1.3-r0

2.*

2.1.1-r0

2.3.4-r0

2.3.4-r1

2.3.4-r2

2.4.0-r0

2.5.0-r0

2.5.1-r0

2.5.3-r0

2.6.0-r0

2.6.0-r1

2.7.0-r0

2.7.0-r1

2.7.0-r2

2.8.0-r0

2.8.0-r1

2.8.0-r2

2.8.0-r3

Alpine:v3.18 / py3-babel

Source Details

Package Name: py3-babel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.9.1-r0

Affected versions

1.*

1.3-r0

2.*

2.1.1-r0

2.3.4-r0

2.3.4-r1

2.3.4-r2

2.4.0-r0

2.5.0-r0

2.5.1-r0

2.5.3-r0

2.6.0-r0

2.6.0-r1

2.7.0-r0

2.7.0-r1

2.7.0-r2

2.8.0-r0

2.8.0-r1

2.8.0-r2

2.8.0-r3