CVE-2021-3426

Name
CVE-2021-3426
Description
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
NVD Severity
medium

References

| Type | URI |
|------|-----|
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/ |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/ |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/ |
| MLIST | https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/ |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/ |
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=1935913 |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/ |
| GENTOO | https://security.gentoo.org/glsa/202104-04 |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/ |
| CONFIRM | https://security.netapp.com/advisory/ntap-20210629-0003/ |
| MISC | https://www.oracle.com/security-alerts/cpuoct2021.html |
| Patch | https://www.oracle.com/security-alerts/cpujan2022.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| `cpe:2.3:a:python:python:*:*:*:*:*:*:*:*` | python | >= None | < 2.7.18 |
| `cpe:2.3:a:python:python:*:*:*:*:*:*:*:*` | python | >= 3.6.0 | < 3.6.13 |
| `cpe:2.3:a:python:python:*:*:*:*:*:*:*:*` | python | >= 3.7.0 | < 3.7.10 |
| `cpe:2.3:a:python:python:*:*:*:*:*:*:*:*` | python | >= 3.8.0 | < 3.8.8 |
| `cpe:2.3:a:python:python:*:*:*:*:*:*:*:*` | python | >= 3.9.0 | < 3.9.3 |
| `cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*` | python | == None | == 3.10.0 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status