python-babel: CVE-2021-20095

Related Vulnerabilities: CVE-2021-20095  

Debian Bug report logs - #987824
python-babel: CVE-2021-20095

version graph

Reported by: Salvatore Bonaccorso <>

Date: Fri, 30 Apr 2021 12:15:01 UTC

Severity: important

Tags: security, upstream

Found in versions python-babel/2.6.0+dfsg.1-1, python-babel/2.8.0+dfsg.1-6

Forwarded to

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to,,, Debian Python Team <>:
Bug#987824; Package src:python-babel. (Fri, 30 Apr 2021 12:15:03 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <>:
New Bug report received and forwarded. Copy sent to,, Debian Python Team <>. (Fri, 30 Apr 2021 12:16:08 GMT) (full text, mbox, link).

Message #5 received at (full text, mbox, reply):

From: Salvatore Bonaccorso <>
To: Debian Bug Tracking System <>
Subject: python-babel: CVE-2021-20095
Date: Fri, 30 Apr 2021 14:09:04 +0200
Source: python-babel
Version: 2.8.0+dfsg.1-6
Severity: important
Tags: security upstream
X-Debbugs-Cc:, Debian Security Team <>
Control: found -1 2.6.0+dfsg.1-1


The following vulnerability was published for python-babel.

| Relative Path Traversal in Babel 2.9.0 allows an attacker to load
| arbitrary locale files on disk and execute arbitrary code.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:



Marked as found in versions python-babel/2.6.0+dfsg.1-1. Request was from Salvatore Bonaccorso <> to (Fri, 30 Apr 2021 12:16:08 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Sat May 1 08:08:13 2021; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.