VDB

PYSEC-2021-421

PYSEC-2021-421 PUBLISHED CVSS 9.300000190734863 CRITICAL

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
PyPIbabel2.2.0, 0.9.2, 0.8

Timeline

  • Oct 20, 2021 CVE Published
  • Nov 8, 2023 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›