INFSA-2021:4201: babel security update
Information about definition
Identifier: INFSA-2021:4201
Type: security
Release date: 2025-10-31 13:08:11 UTC
Information about package
Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR (Common Locale Data Repository), providing access to various locale display names, localized number and date formatting, etc.
Vulnerabilities description
- CVE-2021-20095
A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
- CVE-2021-42771
A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
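A defensive pattern for the class of flaw described above, shown as an added example and not as Babel's own code or its fix: the locale identifier is validated before it is used in a file name, and the resolved path is confirmed to stay inside the locale directory. The function names, the `.dat` suffix, the identifier pattern and the sample identifiers are assumptions made for illustration; the symlink case goes slightly beyond the identifier check the advisory describes.

```python
import os
import re
import tempfile

# Assumption: identifiers look like "en", "en_US", "zh_Hans_CN".
_LOCALE_ID = re.compile(r"[A-Za-z0-9]+(?:_[A-Za-z0-9]+)*")

def naive_locale_path(locale_dir, name):
    """Unsafe pattern: the identifier is joined into the path unchecked."""
    return os.path.join(locale_dir, name + ".dat")

def safe_locale_path(locale_dir, name):
    """Return the data file path for `name`, or raise ValueError."""
    if not isinstance(name, str) or not _LOCALE_ID.fullmatch(name):
        raise ValueError("invalid locale identifier: %r" % (name,))
    base = os.path.realpath(locale_dir)
    candidate = os.path.realpath(os.path.join(base, name + ".dat"))
    # Containment is checked after symlinks are resolved, so a link
    # planted inside the directory cannot redirect the load elsewhere.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("locale file resolves outside %s" % base)
    return candidate

def is_contained(locale_dir, path):
    """True if `path` resolves to a location under `locale_dir`."""
    base = os.path.realpath(locale_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) == base

def demo():
    """Map each constructed identifier to (naive path contained, safe loader accepts)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        locale_dir = os.path.join(root, "locale-data")
        os.mkdir(locale_dir)
        outside = os.path.join(root, "outside.dat")
        open(outside, "w").close()
        # Constructed case: a well-formed name whose file is a symlink out.
        os.symlink(outside, os.path.join(locale_dir, "xx.dat"))
        for name in ("en_US", "../outside", "xx"):
            naive_ok = is_contained(locale_dir, naive_locale_path(locale_dir, name))
            try:
                safe_locale_path(locale_dir, name)
                accepted = True
            except ValueError:
                accepted = False
            results[name] = (naive_ok, accepted)
    return results

if __name__ == "__main__":
    for ident, outcome in demo().items():
        print(ident, outcome)
```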
Severity level
| CVE | CVSS 2.0 score | CVSS 3.x score | CVSS 4.0 score |
|---|---|---|---|
| NIST — CVE-2021-20095 | no information | 7.8 | no information |
| NIST — CVE-2021-42771 | no information | 7.8 | no information |
Updated packages