{"api_version":"1","generated_at":"2026-04-23T00:40:08+00:00","cve":"CVE-2021-3426","urls":{"html":"https://cve.report/CVE-2021-3426","api":"https://cve.report/api/cve/CVE-2021-3426.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3426","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3426"},"summary":{"title":"CVE-2021-3426","description":"There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-20 13:15:00","updated_at":"2023-11-07 03:38:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html","name":"[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2619-1] python3.5 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/","name":"FEDORA-2021-067c9deff1","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: python3-docs-3.9.4-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/","name":"FEDORA-2021-a26257ccf5","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: python3.8-3.8.9-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/","name":"FEDORA-2021-a26257ccf5","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: python3.8-3.8.9-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/","name":"FEDORA-2021-2ab6f060d9","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: python3.8-3.8.9-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/","name":"FEDORA-2021-a311bf10d4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: python39-3.9.4-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html","name":"[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3477-1] python3.7 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20210629-0003/","name":"https://security.netapp.com/advisory/ntap-20210629-0003/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-3426 Python Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1935913","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1935913","refsource":"MISC","tags":[],"title":"1935913 – (CVE-2021-3426) CVE-2021-3426 python: information disclosure via pydoc","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/","name":"FEDORA-2021-b6b6093b3a","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: python3-3.8.9-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/","name":"FEDORA-2021-0a8f3ffbc0","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: python3.9-3.9.4-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/","name":"FEDORA-2021-0a8f3ffbc0","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: python3.9-3.9.4-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/","name":"FEDORA-2021-1769a23935","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: mingw-python3-3.8.9-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","name":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - October 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - January 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/","name":"FEDORA-2021-1769a23935","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: mingw-python3-3.8.9-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/","name":"FEDORA-2021-067c9deff1","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: python3-docs-3.9.4-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202104-04","name":"GLSA-202104-04","refsource":"GENTOO","tags":[],"title":"Python: Multiple vulnerabilities (GLSA 202104-04) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/","name":"FEDORA-2021-2ab6f060d9","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: python3.8-3.8.9-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/","name":"FEDORA-2021-a311bf10d4","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: python39-3.9.4-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/","name":"FEDORA-2021-b6b6093b3a","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: python3-3.8.9-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3426","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3426","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"cloud_backup","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"ontap_select_deploy_administration_utility","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"snapcenter","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_binding_support_function","cpe6":"1.10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"zfs_storage_appliance_kit","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"3.10.0","cpe7":"alpha6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3426","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"software_collections","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3426","qid":"159466","title":"Oracle Enterprise Linux Security Update for python39:3.9 and python39-devel:3.9 (ELSA-2021-4160)"},{"cve":"CVE-2021-3426","qid":"159467","title":"Oracle Enterprise Linux Security Update for python38:3.8 and python38-devel:3.8 (ELSA-2021-4162)"},{"cve":"CVE-2021-3426","qid":"159507","title":"Oracle Enterprise Linux Security Update for python3 (ELSA-2021-4399)"},{"cve":"CVE-2021-3426","qid":"159563","title":"Oracle Enterprise Linux Security Update for python3 (ELSA-2021-9562)"},{"cve":"CVE-2021-3426","qid":"174989","title":"SUSE Enterprise Linux Security Update for python36 (SUSE-SU-2021:1490-1)"},{"cve":"CVE-2021-3426","qid":"174992","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2021:1557-1)"},{"cve":"CVE-2021-3426","qid":"178536","title":"Debian Security Update for python3.5 (DLA 2619-1)"},{"cve":"CVE-2021-3426","qid":"180426","title":"Debian Security Update for pypy3 (CVE-2021-3426)"},{"cve":"CVE-2021-3426","qid":"198714","title":"Ubuntu Security Notification for Python Vulnerabilities (USN-5342-1)"},{"cve":"CVE-2021-3426","qid":"239580","title":"Red Hat Update for rh-python38 (RHSA-2021:3254)"},{"cve":"CVE-2021-3426","qid":"239820","title":"Red Hat Update for python3 (RHSA-2021:4399)"},{"cve":"CVE-2021-3426","qid":"239841","title":"Red Hat Update for python39:3.9 and python39-devel:3.9 (RHSA-2021:4160)"},{"cve":"CVE-2021-3426","qid":"239845","title":"Red Hat Update for python38:3.8 and python38-devel:3.8 (RHSA-2021:4162)"},{"cve":"CVE-2021-3426","qid":"281328","title":"Fedora Security Update for mingw (FEDORA-2021-1769a23935)"},{"cve":"CVE-2021-3426","qid":"281354","title":"Fedora Security Update for python39 (FEDORA-2021-a311bf10d4)"},{"cve":"CVE-2021-3426","qid":"281358","title":"Fedora Security Update for python3 (FEDORA-2021-b6b6093b3a)"},{"cve":"CVE-2021-3426","qid":"281359","title":"Fedora Security Update for python3.8 (FEDORA-2021-a26257ccf5)"},{"cve":"CVE-2021-3426","qid":"281360","title":"Fedora Security Update for python3.8 (FEDORA-2021-2ab6f060d9)"},{"cve":"CVE-2021-3426","qid":"281361","title":"Fedora Security Update for python3 (FEDORA-2021-0a8f3ffbc0)"},{"cve":"CVE-2021-3426","qid":"281362","title":"Fedora Security Update for python3 (FEDORA-2021-067c9deff1)"},{"cve":"CVE-2021-3426","qid":"296059","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 36.0.1.101.2 Missing (CPUJUL2021)"},{"cve":"CVE-2021-3426","qid":"352278","title":"Amazon Linux Security Update for python35: ALAS-2021-1498"},{"cve":"CVE-2021-3426","qid":"352305","title":"Amazon Linux Security Advisory for python36: ALAS-2021-1500"},{"cve":"CVE-2021-3426","qid":"352365","title":"Amazon Linux Security Advisory for python34: ALAS-2021-1504"},{"cve":"CVE-2021-3426","qid":"352371","title":"Amazon Linux Security Advisory for python3: ALAS2-2021-1640"},{"cve":"CVE-2021-3426","qid":"502020","title":"Alpine Linux Security Update for python3"},{"cve":"CVE-2021-3426","qid":"504346","title":"Alpine Linux Security Update for python3"},{"cve":"CVE-2021-3426","qid":"6000019","title":"Debian Security Update for python3.7 (DLA 3477-1)"},{"cve":"CVE-2021-3426","qid":"670829","title":"EulerOS Security Update for python3 (EulerOS-SA-2021-2718)"},{"cve":"CVE-2021-3426","qid":"670940","title":"EulerOS Security Update for python3 (EulerOS-SA-2021-2693)"},{"cve":"CVE-2021-3426","qid":"671010","title":"EulerOS Security Update for python3 (EulerOS-SA-2021-2640)"},{"cve":"CVE-2021-3426","qid":"690176","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for python (f671c282-95ef-11eb-9c34-080027f515ea)"},{"cve":"CVE-2021-3426","qid":"710014","title":"Gentoo Linux Python Multiple Vulnerabilities (GLSA 202104-04)"},{"cve":"CVE-2021-3426","qid":"751261","title":"SUSE Enterprise Linux Security Update for python36 (SUSE-SU-2021:3486-1)"},{"cve":"CVE-2021-3426","qid":"751494","title":"OpenSUSE Security Update for python3 (openSUSE-SU-2021:4104-1)"},{"cve":"CVE-2021-3426","qid":"751548","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2021:4015-2)"},{"cve":"CVE-2021-3426","qid":"940028","title":"AlmaLinux Security Update for python3 (ALSA-2021:4399)"},{"cve":"CVE-2021-3426","qid":"940526","title":"AlmaLinux Security Update for python38:3.8 and python38-devel:3.8 (ALSA-2021:4162)"},{"cve":"CVE-2021-3426","qid":"940559","title":"AlmaLinux Security Update for python39:3.9 and python39-devel:3.9 (ALSA-2021:4160)"},{"cve":"CVE-2021-3426","qid":"960239","title":"Rocky Linux Security Update for python39:3.9 and python39-devel:3.9 (RLSA-2021:4160)"},{"cve":"CVE-2021-3426","qid":"960342","title":"Rocky Linux Security Update for python38:3.8 and python38-devel:3.8 (RLSA-2021:4162)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-3426","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"python","version":{"version_data":[{"version_value":"python 3.8.9, python 3.9.3, python 3.10.0a7"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200"}]}]},"references":{"reference_data":[{"refsource":"MLIST","name":"[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update","url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"},{"refsource":"FEDORA","name":"FEDORA-2021-a311bf10d4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/"},{"refsource":"FEDORA","name":"FEDORA-2021-2ab6f060d9","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/"},{"refsource":"FEDORA","name":"FEDORA-2021-1769a23935","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/"},{"refsource":"FEDORA","name":"FEDORA-2021-b6b6093b3a","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"},{"refsource":"FEDORA","name":"FEDORA-2021-067c9deff1","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/"},{"refsource":"FEDORA","name":"FEDORA-2021-0a8f3ffbc0","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/"},{"refsource":"FEDORA","name":"FEDORA-2021-a26257ccf5","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/"},{"refsource":"GENTOO","name":"GLSA-202104-04","url":"https://security.gentoo.org/glsa/202104-04"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1935913","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1935913"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210629-0003/","url":"https://security.netapp.com/advisory/ntap-20210629-0003/"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}]},"description":{"description_data":[{"lang":"eng","value":"There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7."}]}},"nvd":{"publishedDate":"2021-05-20 13:15:00","lastModifiedDate":"2023-11-07 03:38:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.1,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:P/I:N/A:N","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.7},"severity":"LOW","exploitabilityScore":5.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.18","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3426","Ordinal":"203243","Title":"CVE-2021-3426","CVE":"CVE-2021-3426","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3426","Ordinal":"1","NoteData":"There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3426","Ordinal":"2","NoteData":"2021-05-20","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3426","Ordinal":"3","NoteData":"2022-02-07","Type":"Other","Title":"Modified"}]}}}