Home > Vulnerability Database > CVE-2021-3426

Mend.io Vulnerability Database

CVE-2021-3426

Date: May 19, 2021

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Language: Python

Severity Score

5.7

Related Resources (30)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/

Url: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/

Url: https://www.oracle.com/security-alerts/cpujan2022.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3426

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1935913

Url: https://bugs.python.org/issue42988

Url: https://security.alpinelinux.org/vuln/CVE-2021-3426

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/

Url: https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1917807

Url: https://www.oracle.com/security-alerts/cpuoct2021.html

Url: https://security.gentoo.org/glsa/202104-04

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/

Url: https://access.redhat.com/security/cve/CVE-2021-3426

Url: https://security.netapp.com/advisory/ntap-20210629-0003/

Url: https://security-tracker.debian.org/tracker/CVE-2021-3426

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3426

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/

Url: https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/

Url: https://www.mend.io/vulnerability-database/CVE-2021-3426

Severity Score

5.7

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.7
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3426

Date: May 19, 2021

Language: Python

Severity Score

Related Resources (30)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?