CVE-2021-4189
Summary
| Field | Value |
|---|---|
| CVE | CVE-2021-4189 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-24 16:15:00 UTC |
| Updated | 2023-06-30 23:15:00 UTC |
| Description | A flaw was found in Python's FTP (File Transfer Protocol) client library, ftplib, when used in PASV (passive) mode. By default the client trusted the host address carried in the server's PASV response and opened its data connection to that address. An attacker running a malicious FTP server can therefore direct a connecting client to an arbitrary IP address and port, including hosts that are reachable only from the client's network. The client can in this way be turned into a port scanner for networks the attacker could not otherwise reach. |
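The mechanism in the description, shown as an added example that is not code from CPython or from any of the referenced advisories. It parses a 227 reply the way a PASV client must, then chooses the data endpoint either the pre-fix way (use whatever host the reply carries) or the post-fix way (pin the host to the peer of the control connection and take only the port from the reply). The fixed ftplib keeps the old behaviour behind an opt-in attribute, `FTP.trust_server_pasv_ipv4_address`, which defaults to `False`; the last function checks for that attribute to tell a patched interpreter from an unpatched one. Host addresses and the PASV reply are constructed for the scenario.

```python
import re
import ftplib

# Six decimal fields, the shape of the address block in a 227 reply:
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
_PASV_FIELDS = re.compile(r'(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)', re.ASCII)


def parse_pasv_reply(reply):
    """Parse a 227 reply into (host, port).

    The values are whatever the server sent; nothing here checks that the
    host belongs to the server, which is exactly the gap behind CVE-2021-4189.
    """
    if not reply.startswith('227'):
        raise ValueError('not a PASV reply: %r' % reply)
    m = _PASV_FIELDS.search(reply)
    if m is None:
        raise ValueError('malformed PASV reply: %r' % reply)
    fields = [int(x) for x in m.groups()]
    if any(x > 255 for x in fields):
        raise ValueError('PASV field out of range: %r' % reply)
    host = '.'.join(str(x) for x in fields[:4])
    port = (fields[4] << 8) + fields[5]
    return host, port


def data_endpoint(reply, control_peer_host, trust_server_pasv_ipv4_address=False):
    """Decide where the client opens its data connection.

    trust_server_pasv_ipv4_address=True reproduces the vulnerable behaviour:
    the host in the reply is used as-is.  With the default False the host is
    pinned to the peer of the control connection and only the port is taken
    from the reply.  control_peer_host stands in for what a real client would
    read from its control socket's getpeername().
    """
    untrusted_host, port = parse_pasv_reply(reply)
    if trust_server_pasv_ipv4_address:
        return untrusted_host, port
    return control_peer_host, port


def ftplib_has_fix():
    """True if this interpreter's ftplib carries the bpo-43285 opt-in flag
    (FTP.trust_server_pasv_ipv4_address, class default False)."""
    return getattr(ftplib.FTP, 'trust_server_pasv_ipv4_address', None) is False


if __name__ == '__main__':
    # Constructed scenario: the control connection went to 203.0.113.10, but
    # the malicious server answers PASV with an address on the client's LAN.
    server = '203.0.113.10'
    malicious_reply = '227 Entering Passive Mode (10,0,0,5,0,22)'
    print('vulnerable ->', data_endpoint(malicious_reply, server, True))  # ('10.0.0.5', 22)
    print('fixed      ->', data_endpoint(malicious_reply, server))        # ('203.0.113.10', 22)
    print('ftplib patched:', ftplib_has_fix())
```

Two things worth noting when reading the result. The fix pins only the host; the port is still chosen by the server, so a malicious server can still have the client connect to any port on the server's own address, which is accepted as the server's business. And the check in `ftplib_has_fix()` is a quick way to confirm that a deployed interpreter, including a distribution build with a backported patch, actually carries the change rather than relying on the version string alone.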
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| bpo-43285 Make ftplib not trust the PASV response. (GH-24838) · python/cpython@0ab152c · GitHub | MISC | github.com | |
| CVE-2021-4189 Python Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] [DLA 3477-1] python3.7 security update | MLIST | lists.debian.org | |
| [SECURITY] [DLA 3432-1] python2.7 security update | MLIST | lists.debian.org | |
| Issue 43285: ftplib should not use the host from the PASV response - Python tracker | MISC | bugs.python.org | |
| CVE-2021-4189 | MISC | security-tracker.debian.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| 2036020 – (CVE-2021-4189) CVE-2021-4189 python: ftplib should not use the host from the PASV response | MISC | bugzilla.redhat.com | |
| ftplib should not use the host from the PASV response — Python Security 0.0 documentation | MISC | python-security.readthedocs.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159808 Oracle Enterprise Linux Security Update for python3 (ELSA-2022-1986)
- 159819 Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2022-1821)
- 179069 Debian Security Update for python2.7 (DLA 2919-1)
- 181802 Debian Security Update for python2.7 (DLA 3432-1)
- 198714 Ubuntu Security Notification for Python Vulnerabilities (USN-5342-1)
- 240254 Red Hat Update for python27-python and python27-python-pip (RHSA-2022:1663)
- 240302 Red Hat Update for python27:2.7 (RHSA-2022:1821)
- 240313 Red Hat Update for python3 (RHSA-2022:1986)
- 282427 Fedora Security Update for python2.7 (FEDORA-2022-18ad73aba6)
- 282428 Fedora Security Update for python2.7 (FEDORA-2022-ef99a016f6)
- 353942 Amazon Linux Security Advisory for python : ALAS2-2022-1802
- 353955 Amazon Linux Security Advisory for python27 : ALAS-2022-1593
- 6000019 Debian Security Update for python3.7 (DLA 3477-1)
- 671550 EulerOS Security Update for python3 (EulerOS-SA-2022-1582)
- 671614 EulerOS Security Update for python2 (EulerOS-SA-2022-1581)
- 671634 EulerOS Security Update for python3 (EulerOS-SA-2022-1664)
- 671643 EulerOS Security Update for python3 (EulerOS-SA-2022-1650)
- 671674 EulerOS Security Update for python (EulerOS-SA-2022-1757)
- 671858 EulerOS Security Update for python (EulerOS-SA-2022-1911)
- 751895 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:0882-1)
- 751961 OpenSUSE Security Update for python (openSUSE-SU-2022:1091-1)
- 751976 SUSE Enterprise Linux Security Update for python (SUSE-SU-2022:1140-1)
- 751979 SUSE Enterprise Linux Security Update for python (SUSE-SU-2022:1091-1)
- 940499 AlmaLinux Security Update for python27:2.7 (ALSA-2022:1821)
- 940530 AlmaLinux Security Update for python3 (ALSA-2022:1986)
- 960259 Rocky Linux Security Update for python27:2.7 (RLSA-2022:1821)
- 960408 Rocky Linux Security Update for python3 (RLSA-2022:1986)