CVE-2021-42771

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
20/10/2021
Last modified:
14/12/2021

Description

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pocoo:babel:*:*:*:*:*:*:*:* 2.9.1 (excluding)
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*