Your submission was sent successfully! Close

CVE-2021-4189

Published: 31 December 2021

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
python2.7
Launchpad, Ubuntu, Debian
bionic
Released (2.7.17-1~18.04ubuntu1.7)
focal Needed

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needed

kinetic Needed

trusty
Released (2.7.6-8ubuntu0.6+esm12)
upstream Needs triage

xenial
Released (2.7.12-1ubuntu0~16.04.18+esm1)
python3.10
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(3.10.0-2)
jammy Not vulnerable
(3.10.0-2)
kinetic Not vulnerable
(3.10.0-2)
trusty Does not exist

upstream Needs triage

xenial Does not exist

Patches:
upstream: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e



python3.4
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty
Released (3.4.3-1ubuntu1~14.04.7+esm12)
upstream Needed

xenial Does not exist

python3.5
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty Needed

upstream Needed

xenial
Released (3.5.2-2ubuntu0~16.04.13+esm2)
python3.6
Launchpad, Ubuntu, Debian
bionic
Released (3.6.9-1~18.04ubuntu1.7)
focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (3.6.14)
xenial Does not exist

Patches:

upstream: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88


python3.7
Launchpad, Ubuntu, Debian
bionic Needed

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (3.7.11)
xenial Does not exist

Patches:


upstream: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33

python3.8
Launchpad, Ubuntu, Debian
bionic Needed

focal Not vulnerable

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Needed

xenial Does not exist

python3.9
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needed

hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(3.9.7-2build1)
jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (3.9.7-1)
xenial Does not exist

Patches:



upstream: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335