summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnton Gladky <gladk@debian.org>2021-04-03 22:29:44 +0200
committerAnton Gladky <gladk@debian.org>2021-04-03 22:29:44 +0200
commitff0ea77b0e59f2dc37ee2f996df7edddfb227cbe (patch)
treea841444b23fafadc7562054536437ebc81cf1a11
parent20c6cdbcdbdef1ba9f21655604a6f0a097e96e27 (diff)
Update information about CVE-2021-3426
-rw-r--r--data/CVE/2021.list3
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 15dc352e0f..648a1fcbdc 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -4366,7 +4366,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A
- courier-authlib 0.71.1-2 (bug #984810)
NOTE: Re-introduction of #378571 while migrating from debian/permissions to
NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2.
-CVE-2021-3426
+CVE-2021-3426 (Running `pydoc -p` allows other local users to extract arbitrary files. The `/getfile?key=path` URL allows to read arbitrary file on the filesystem.)
RESERVED
[experimental] - python3.9 3.9.3-1
- python3.9 <unfixed>
@@ -4376,6 +4376,7 @@ CVE-2021-3426
- python3.5 <removed>
- python2.7 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.python.org/issue42988
+ NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048
NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html
NOTE: https://github.com/python/cpython/pull/24337
NOTE: https://github.com/python/cpython/pull/24285

© 2014-2024 Faster IT GmbH | imprint | privacy policy