[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-42771":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":53,"downstream":54,"duplicates":93,"related":94,"reserved_at":9,"published_at":104,"modified_at":105,"state":106,"summary":107,"references_raw":115,"kevs":167,"epss":168,"epss_history":171,"metrics":430,"affected":446},"CVE-2021-42771","Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_FBCC276169A2242C","Exploit Reference (tenable.com)","reference","https://www.tenable.com/security/research/tra-2021-14","unknown",0.2,false,[],[51,52],"GHSA-h4m5-qpfp-3mpv","PYSEC-2021-421",[],[55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91],{"_key":56},"ALPINE-CVE-2021-42771",{"_key":58},"UBUNTU-CVE-2021-42771",{"_key":60},"SUSE-SU-2021:3945-1",{"_key":62},"SUSE-SU-2021:4161-1",{"_key":64},"SUSE-SU-2022:0028-1",{"_key":66},"SUSE-SU-2022:0029-1",{"_key":68},"SUSE-SU-2022:3590-1",{"_key":70},"OPENSUSE-SU-2021:1553-1",{"_key":72},"OPENSUSE-SU-2021:3945-1",{"_key":74},"OPENSUSE-SU-2024:11602-1",{"_key":76},"OPENSUSE-SU-2024:14127-1",{"_key":78},"DLA-2790-1",{"_key":80},"DSA-5018-1",{"_key":82},"RHSA-2021:3252",{"_key":84},"RHSA-2021:4151",{"_key":86},"RHSA-2021:4201",{"_key":88},"RHSA-2021:3254",{"_key":90},"RHSA-2021:4162",{"_key":92},"DEBIAN-CVE-2021-42771",[],[95,96,97,98,99,100,101,102,103],{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},"2021-10-20T20:05:35.000Z","2024-08-04T03:38:50.154Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":108,"epss_score":109,"severity":110,"severity_score":111,"severity_version":112,"severity_source":113,"severity_vector":114,"severity_status":106},"low",0.00169,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[116,125,130,135,140,146,151,155,159,163],{"url":45,"sources":117,"tags":120},[118,113,119],"cve.org","osv_pypi",[121,122,123,124],"X Refsource MISC","Exploit","Third Party Advisory","WEB",{"url":126,"sources":127,"tags":128},"https://github.com/python-babel/babel/pull/782",[118,113,119],[121,129,123,124],"Patch",{"url":131,"sources":132,"tags":133},"https://lists.debian.org/debian-lts/2021/10/msg00040.html",[118,113,119],[121,134,123,124],"Mailing List",{"url":136,"sources":137,"tags":138},"https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html",[118,113,119],[134,139,123,124],"X Refsource MLIST",{"url":141,"sources":142,"tags":143},"https://www.debian.org/security/2021/dsa-5018",[118,113,119],[144,145,123,124],"Vendor Advisory","X Refsource DEBIAN",{"url":147,"sources":148,"tags":149},"https://nvd.nist.gov/vuln/detail/CVE-2021-42771",[119],[150],"Advisory",{"url":152,"sources":153,"tags":154},"https://github.com/python-babel/babel/commit/412015ef642bfcc0d8ba8f4d05cdbb6aac98d9b3",[119],[124],{"url":156,"sources":157,"tags":158},"https://github.com/advisories/GHSA-h4m5-qpfp-3mpv",[119],[150],{"url":160,"sources":161,"tags":162},"https://github.com/pypa/advisory-database/tree/main/vulns/babel/PYSEC-2021-421.yaml",[119],[124],{"url":164,"sources":165,"tags":166},"https://github.com/python-babel/babel",[119],[124],[],{"date":169,"score":109,"percentile":170},"2026-06-04",0.3785,[172,176,179,182,185,188,191,194,197,200,203,206,209,212,215,219,222,225,227,230,233,236,239,242,245,248,251,254,257,259,262,265,268,271,274,277,280,283,285,288,291,294,297,300,302,305,308,311,313,316,318,321,324,327,330,332,335,338,340,342,345,348,350,353,355,357,360,363,365,368,371,374,377,380,383,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427],{"date":173,"score":174,"percentile":175},"2025-11-04",0.0013,0.33332,{"date":177,"score":174,"percentile":178},"2025-11-05",0.33316,{"date":180,"score":174,"percentile":181},"2025-11-06",0.33315,{"date":183,"score":174,"percentile":184},"2025-11-07",0.33331,{"date":186,"score":174,"percentile":187},"2025-11-08",0.3333,{"date":189,"score":174,"percentile":190},"2025-11-09",0.33307,{"date":192,"score":174,"percentile":193},"2025-11-10",0.33253,{"date":195,"score":174,"percentile":196},"2025-11-11",0.33277,{"date":198,"score":174,"percentile":199},"2025-11-12",0.33324,{"date":201,"score":174,"percentile":202},"2025-11-13",0.33338,{"date":204,"score":174,"percentile":205},"2025-11-14",0.33342,{"date":207,"score":174,"percentile":208},"2025-11-15",0.3334,{"date":210,"score":174,"percentile":211},"2025-11-16",0.33308,{"date":213,"score":174,"percentile":214},"2025-11-17",0.3328,{"date":216,"score":217,"percentile":218},"2025-11-18",0.00227,0.41686,{"date":220,"score":217,"percentile":221},"2025-11-19",0.41703,{"date":223,"score":217,"percentile":224},"2025-11-20",0.41712,{"date":226,"score":174,"percentile":181},"2025-11-21",{"date":228,"score":174,"percentile":229},"2025-11-22",0.33321,{"date":231,"score":174,"percentile":232},"2025-11-23",0.33287,{"date":234,"score":174,"percentile":235},"2025-11-24",0.33261,{"date":237,"score":174,"percentile":238},"2025-11-25",0.33258,{"date":240,"score":174,"percentile":241},"2025-11-26",0.33255,{"date":243,"score":174,"percentile":244},"2025-11-27",0.33264,{"date":246,"score":174,"percentile":247},"2025-11-28",0.33245,{"date":249,"score":174,"percentile":250},"2025-11-29",0.33227,{"date":252,"score":174,"percentile":253},"2025-11-30",0.33204,{"date":255,"score":174,"percentile":256},"2025-12-01",0.33296,{"date":258,"score":174,"percentile":211},"2025-12-02",{"date":260,"score":174,"percentile":261},"2025-12-03",0.33305,{"date":263,"score":174,"percentile":264},"2025-12-04",0.33207,{"date":266,"score":174,"percentile":267},"2025-12-05",0.33241,{"date":269,"score":174,"percentile":270},"2025-12-06",0.33195,{"date":272,"score":174,"percentile":273},"2025-12-07",0.33174,{"date":275,"score":174,"percentile":276},"2025-12-08",0.33188,{"date":278,"score":174,"percentile":279},"2025-12-09",0.33237,{"date":281,"score":174,"percentile":282},"2025-12-10",0.33295,{"date":284,"score":174,"percentile":181},"2025-12-11",{"date":286,"score":174,"percentile":287},"2025-12-12",0.33345,{"date":289,"score":174,"percentile":290},"2025-12-13",0.33329,{"date":292,"score":174,"percentile":293},"2025-12-14",0.33304,{"date":295,"score":174,"percentile":296},"2025-12-15",0.33257,{"date":298,"score":174,"percentile":299},"2025-12-16",0.33282,{"date":301,"score":174,"percentile":208},"2025-12-17",{"date":303,"score":174,"percentile":304},"2025-12-18",0.33389,{"date":306,"score":174,"percentile":307},"2025-12-19",0.33411,{"date":309,"score":174,"percentile":310},"2025-12-20",0.33396,{"date":312,"score":174,"percentile":202},"2025-12-21",{"date":314,"score":174,"percentile":315},"2025-12-22",0.3331,{"date":317,"score":174,"percentile":211},"2025-12-23",{"date":319,"score":174,"percentile":320},"2025-12-24",0.33301,{"date":322,"score":174,"percentile":323},"2025-12-25",0.33368,{"date":325,"score":174,"percentile":326},"2025-12-26",0.33347,{"date":328,"score":174,"percentile":329},"2025-12-27",0.33357,{"date":331,"score":174,"percentile":238},"2025-12-28",{"date":333,"score":174,"percentile":334},"2025-12-29",0.33223,{"date":336,"score":174,"percentile":337},"2025-12-30",0.33215,{"date":339,"score":174,"percentile":244},"2025-12-31",{"date":341,"score":174,"percentile":307},"2026-01-01",{"date":343,"score":174,"percentile":344},"2026-01-02",0.33397,{"date":346,"score":174,"percentile":347},"2026-01-03",0.33382,{"date":349,"score":174,"percentile":267},"2026-01-04",{"date":351,"score":174,"percentile":352},"2026-01-05",0.33225,{"date":354,"score":174,"percentile":279},"2026-01-06",{"date":356,"score":174,"percentile":241},"2026-01-07",{"date":358,"score":174,"percentile":359},"2026-01-08",0.33285,{"date":361,"score":174,"percentile":362},"2026-01-09",0.33286,{"date":364,"score":174,"percentile":362},"2026-01-10",{"date":366,"score":174,"percentile":367},"2026-01-11",0.33265,{"date":369,"score":174,"percentile":370},"2026-01-12",0.33196,{"date":372,"score":174,"percentile":373},"2026-01-13",0.33181,{"date":375,"score":174,"percentile":376},"2026-01-14",0.33224,{"date":378,"score":174,"percentile":379},"2026-01-15",0.3322,{"date":381,"score":174,"percentile":382},"2026-01-16",0.3324,{"date":384,"score":174,"percentile":352},"2026-01-17",{"date":386,"score":174,"percentile":387},"2026-01-18",0.33162,{"date":389,"score":174,"percentile":390},"2026-01-19",0.33128,{"date":392,"score":174,"percentile":393},"2026-01-20",0.33114,{"date":395,"score":174,"percentile":396},"2026-01-21",0.33073,{"date":398,"score":174,"percentile":399},"2026-01-22",0.33046,{"date":401,"score":174,"percentile":402},"2026-01-23",0.3311,{"date":404,"score":174,"percentile":405},"2026-01-24",0.33118,{"date":407,"score":174,"percentile":408},"2026-01-25",0.33044,{"date":410,"score":174,"percentile":411},"2026-01-26",0.32969,{"date":413,"score":174,"percentile":414},"2026-01-27",0.32959,{"date":416,"score":174,"percentile":417},"2026-01-28",0.32933,{"date":419,"score":174,"percentile":420},"2026-01-29",0.32893,{"date":422,"score":174,"percentile":423},"2026-01-30",0.3288,{"date":425,"score":174,"percentile":426},"2026-01-31",0.32889,{"date":428,"score":174,"percentile":429},"2026-02-01",0.3298,[431,441],{"source":113,"cvss_v2_0":432,"cvss_v3_0":9,"cvss_v3_1":437,"cvss_v4_0":9},{"baseScore":433,"baseSeverity":9,"vectorString":434,"impactScore":435,"exploitabilityScore":436},7.2,"AV:L/AC:L/Au:N/C:C/I:C/A:C",10,3.9,{"baseScore":111,"baseSeverity":438,"vectorString":114,"impactScore":439,"exploitabilityScore":440},"HIGH",9.8,4.6,{"source":119,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":443},{"baseScore":111,"baseSeverity":9,"vectorString":114,"impactScore":439,"exploitabilityScore":440},{"baseScore":444,"baseSeverity":9,"vectorString":445,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[447,456,466],{"ecosystem":9,"name":448,"vendor":449,"product":450,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"debian linux","debian","debian_linux","o",[453],{"version":454,"is_range":48,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":457,"vendor":458,"product":457,"cpe_part":459,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"babel","pocoo","a",[461],{"version":462,"is_range":463,"range_type":455,"version_start":9,"version_start_type":9,"version_end":464,"version_end_type":465,"fixed_in":9},"lt2.9.1",true,"2.9.1","excluding",{"ecosystem":467,"name":457,"vendor":467,"product":457,"cpe_part":9,"purl_type":468,"purl_namespace":9,"purl_name":457,"source":9,"versions":469},"PyPI","pypi",[470],{"version":471,"is_range":463,"range_type":472,"version_start":9,"version_start_type":9,"version_end":464,"version_end_type":465,"fixed_in":9},"lt2_9_1","ecosystem"]