Home > Vulnerability Database > CVE-2021-3426

Mend.io Vulnerability Database

CVE-2021-3426

Good to know:

Date: May 20, 2021

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Language: Python

Severity Score

5.7

Related Resources (22)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/

Url: https://security.gentoo.org/glsa/202104-04

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/

Url: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048

Url: https://access.redhat.com/security/cve/CVE-2021-3426

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/

Url: https://security.netapp.com/advisory/ntap-20210629-0003/

Url: https://www.oracle.com/security-alerts/cpujan2022.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3426

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/

Url: https://security-tracker.debian.org/tracker/CVE-2021-3426

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1935913

Url: https://bugs.python.org/issue42988

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3426

Url: https://security.alpinelinux.org/vuln/CVE-2021-3426

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/

Url: https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html

Url: https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

Url: https://www.oracle.com/security-alerts/cpuoct2021.html

Url: https://www.mend.io/vulnerability-database/CVE-2021-3426

Severity Score

5.7

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v3.8.9,v3.9.3

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.7
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3426

Good to know:

Date: May 20, 2021

Language: Python

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?