CRITICAL✓ PATCH🇬🇧 English

CVE-2021-29921

CVSS 9.8v3.1pub. 2021-05-06upd. 2025-11-03

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Communications Cloud Native Core Automated Test Suite

    APP
    Oracle
    1.8.0
  • Oracle Communications Cloud Native Core Binding Support Function

    APP
    Oracle
    1.11.0
  • Oracle Communications Cloud Native Core Network Slice Selection Function

    APP
    Oracle
    1.8.0
  • Oracle Graalvm

    APP
    Oracle
    20.3.221.1.0
  • Oracle Zfs Storage Appliance Kit

    APP
    Oracle
    8.8
  • Python

    APP
    Python
    3.9.0 – 3.9.5 (bez)3.8.0 – 3.8.12 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22947CRITICAL10.0⚠ KEVten sam produkt

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2017-1000353CRITICAL9.8⚠ KEVten sam produkt

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remot...