{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3426","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2025-12-18T11:45:56.551Z","dateReserved":"2021-03-09T00:00:00.000Z","datePublished":"2021-05-20T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2023-06-30T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7."}],"affected":[{"vendor":"n/a","product":"python","versions":[{"version":"python 3.8.9, python 3.9.3, python 3.10.0a7","status":"affected"}]}],"references":[{"name":"[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"},{"name":"FEDORA-2021-a311bf10d4","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/"},{"name":"FEDORA-2021-2ab6f060d9","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/"},{"name":"FEDORA-2021-1769a23935","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/"},{"name":"FEDORA-2021-b6b6093b3a","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"},{"name":"FEDORA-2021-067c9deff1","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/"},{"name":"FEDORA-2021-0a8f3ffbc0","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/"},{"name":"FEDORA-2021-a26257ccf5","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/"},{"name":"GLSA-202104-04","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202104-04"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1935913"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"url":"https://security.netapp.com/advisory/ntap-20210629-0003/"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"name":"[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200","cweId":"CWE-200"}]}]},"adp":[{"title":"CVE Program Container","references":[{"name":"[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"},{"name":"FEDORA-2021-a311bf10d4","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/"},{"name":"FEDORA-2021-2ab6f060d9","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/"},{"name":"FEDORA-2021-1769a23935","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/"},{"name":"FEDORA-2021-b6b6093b3a","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/"},{"name":"FEDORA-2021-067c9deff1","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/"},{"name":"FEDORA-2021-0a8f3ffbc0","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/"},{"name":"FEDORA-2021-a26257ccf5","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/"},{"name":"GLSA-202104-04","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202104-04"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1935913","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20210629-0003/","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:44:51.975Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.7,"attackVector":"ADJACENT_NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-12-18T11:45:51.350788Z","id":"CVE-2021-3426","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-18T11:45:56.551Z"}}]}}