Extended Lifecycle Support CVE dashboard by TuxСare

CVEs Releases Projects

CVE-2021-4189

Updated: 2022-05-31 06:03:54.740765

Description:

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.3

Status

OS name Project name Version Status Errata Last updated
CentOS 6 ELS python 2.6.6 Ignored 2022-03-29 07:04:34.985485
CentOS 8.4 ELS python2 2.7.18 Released CLSA-2022:1654525948 2022-06-06 11:47:46.549536
CentOS 8.4 ELS python3 3.6.8 Released CLSA-2022:1653920195 2022-05-30 11:37:57.314538
CentOS 8.5 ELS python2 2.7.18 Released CLSA-2022:1654526367 2022-06-06 11:47:46.640332
CentOS 8.5 ELS python3 3.6.8 Released CLSA-2022:1654010877 2022-05-31 11:38:34.828633
CloudLinux 6 ELS python 2.6.6 Ignored 2022-03-29 07:04:34.921606
Oracle Linux 6 ELS python 2.6.6 Ignored 2022-03-29 07:04:34.870237
Ubuntu 16.04 ELS python3 3.5.2-2ubuntu0~16.04.13 Released CLSA-2022:1649348075 2022-04-07 15:56:36.77302
Ubuntu 16.04 ELS python 2.7.12-1ubuntu0~16.04.13 Released CLSA-2022:1649170553 2022-04-05 13:13:18.461356

Statement

Will not fix: low score