scrapedia/scrapy-cookies

CVE-2021-42771 (High) detected in Babel-2.8.0-py2.py3-none-any.whl


CVE-2021-42771 - High Severity Vulnerability

Vulnerable Library - Babel-2.8.0-py2.py3-none-any.whl

Internationalization utilities

Library home page: https://files.pythonhosted.org/packages/15/a1/522dccd23e5d2e47aed4b6a16795b8213e3272c7506e625f2425ad025a19/Babel-2.8.0-py2.py3-none-any.whl

Path to dependency file: /docs/requirements.txt

Path to vulnerable library: /docs/requirements.txt

Dependency Hierarchy:

  • sphinx_rtd_theme-0.5.0-py2.py3-none-any.whl (Root Library)
    • Sphinx-1.8.5-py2.py3-none-any.whl
      • Babel-2.8.0-py2.py3-none-any.whl (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Publish Date: 2021-10-20

URL: CVE-2021-42771

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771

Release Date: 2021-10-20

Fix Resolution: Babel - 2.9.1
