Description

Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses.

Remediation

References

CVE-2021-29921

Related Vulnerabilities

WordPress Plugin Simple Events Calendar SQL Injection (1.3.5)

WordPress Plugin Custom Searchable Data Entry System Security Bypass (1.7.1)

WordPress Plugin Pinterest 'Pin It' Button Multiple Unspecified Vulnerabilities (1.3.1)

MySQL CVE-2013-3806 Vulnerability (CVE-2013-3806)

Atlassian Jira Other Vulnerability (CVE-2019-14997)

Severity

Critical

Classification

CVE-2021-29921 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities