Arbitrary Locale File Loading Vulnerability in Babel

Arbitrary Locale File Loading Vulnerability in Babel

CVE-2021-42771 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Learn more about our Web Application Penetration Testing UK.