Amazon Linux 1 Security Advisory: ALAS-2023-1720
Advisory Release Date: 2023-03-30 22:50 Pacific
Advisory Updated Date: 2023-04-05 20:23 Pacific
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. (CVE-2021-42771)
Affected Packages:
python-babel
Issue Correction:
Run yum update python-babel to update your system.
noarch:
python27-babel-0.9.4-5.1.9.amzn1.noarch
python26-babel-0.9.4-5.1.9.amzn1.noarch
src:
python-babel-0.9.4-5.1.9.amzn1.src