Description

Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses.

Remediation

References

CVE-2021-29921

Related Vulnerabilities

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.39)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2101)

WordPress Plugin WPtouch Multiple Cross-Site Scripting Vulnerabilities (3.7.3)

WordPress Plugin SEO SearchTerms Tagging 2 Multiple Vulnerabilities (1.535)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8233)

Severity

Critical

Classification

CVE-2021-29921 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities