Source: python-babel Version: 2.8.0+dfsg.1-6 Severity: important Tags: security upstream Forwarded: https://github.com/python-babel/babel/pull/782 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 2.6.0+dfsg.1-1
Hi, The following vulnerability was published for python-babel. CVE-2021-20095[0]: | Relative Path Traversal in Babel 2.9.0 allows an attacker to load | arbitrary locale files on disk and execute arbitrary code. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-20095 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20095 [1] https://github.com/python-babel/babel/pull/782 [2] https://www.tenable.com/security/research/tra-2021-14 Regards, Salvatore

