← Back

CVE-2021-4189

nvd nist
Published: Aug 24, 2022Modified: Dec 17, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Affected (10)

Show all products
Python: Python · Debian: Debian Linux · Redhat: Enterprise Linux, Software Collections · Netapp: Ontap Select Deploy Administration Utility
Python
1 product
Python
Debian
1 product
Debian Linux
Redhat
2 products
Enterprise Linux
Software Collections
Netapp
1 product
Ontap Select Deploy Administration Utility
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Python
Python
From 3.6.0 to 3.6.14
Python
From 3.7.0 to 3.7.11
Python
From 3.8.0 to 3.8.9
Python
From 3.9.0 to 3.9.3
Python
Version 3.10.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 8.0
Software Collections
All versions
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Ontap Select Deploy Administration Utility
All versions

Related CWEs

CWE-252
Unchecked Return Value
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References (19)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.