CVE-2021-29921

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
Improper input validation of octal strings in the Python stdlib ipaddress module before version 3.9.5 allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octets are left-stripped of leading zeros instead of evaluated as valid IP addresses.
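The ambiguity described above, as an added example (not code from the advisory or from CPython): `readings` returns the two addresses one literal can denote when one component strips leading zeros and another treats them as octal, and `parse_ipv4_strict` rejects such literals before any allow-list decision is made. The function names and sample inputs are constructed for illustration.

```python
import ipaddress


def _octets(text):
    """Split a dotted quad into four ASCII-digit strings or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 literal: {text!r}")
    return parts


def readings(text):
    """Return (decimal_reading, octal_reading) for a dotted quad.

    decimal: leading zeros are stripped (the behaviour the advisory describes).
    octal:   a leading zero marks base 8 (C-style convention).
    A reading is None when an octet is invalid under that convention.
    """
    def build(convert):
        try:
            return str(ipaddress.IPv4Address(bytes(convert(p) for p in _octets(text))))
        except ValueError:  # bad octet, value > 255, or invalid octal digit
            return None

    decimal = build(lambda p: int(p, 10))
    octal = build(lambda p: int(p, 8) if len(p) > 1 and p[0] == "0" else int(p, 10))
    return decimal, octal


def parse_ipv4_strict(text):
    """Parse a dotted quad, rejecting any octet written with a leading zero."""
    parts = _octets(text)
    if any(len(p) > 1 and p[0] == "0" for p in parts):
        raise ValueError(f"ambiguous leading zero in IPv4 octet: {text!r}")
    # bytes() raises ValueError for octets above 255
    return ipaddress.IPv4Address(bytes(int(p) for p in parts))


# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["010.8.8.8", "0127.0.0.1", "08.8.8.8", "192.168.0.1"]

if __name__ == "__main__":
    for literal in SAMPLES:
        decimal, octal = readings(literal)
        try:
            verdict = f"accepted as {parse_ipv4_strict(literal)}"
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"{literal:>12}  decimal={decimal}  octal={octal}  strict: {verdict}")
```

A literal whose two readings differ is one on which a validator and the component that later opens the connection can disagree, which is why the strict parser refuses it instead of picking a reading.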
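| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|-------|---------|----------|-------|----------|--------|--------|
| AVG-1913 | python | 3.9.4-1 | 3.9.5-1 | Medium | Fixed | |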
References
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
https://bugs.python.org/issue36384
https://github.com/python/cpython/pull/25099
https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04