CVE-2021-29921 - log back

CVE-2021-29921 edited at 06 May 2021 17:35:34
Description
- A security issue was found in Python before version 3.9.5. The ipaddress module accepted leading zeros in IPv4 addresses, which are ambiguous and interpreted as octal notation by some libraries.
+ Improper input validation of octal strings in Python stdlib ipaddress before version 3.9.5 allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses.
CVE-2021-29921 edited at 04 May 2021 16:53:58
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue was found in Python before version 3.9.5. The ipaddress module accepted leading zeros in IPv4 addresses, which are ambiguous and interpreted as octal notation by some libraries.
References
+ https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
+ https://bugs.python.org/issue36384
+ https://github.com/python/cpython/pull/25099
+ https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04
Notes
CVE-2021-29921 created at 04 May 2021 16:47:44