QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3426

Published: May 20, 2021

Modified: Dec 18, 2025

PUBLISHED

Description

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Vendor	Product	Versions
n/a	python	affected `python 3.8.9, python 3.9.3, python 3.10.0a7`

Weaknesses (CWE)

References

[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update

mailing-list

FEDORA-2021-a311bf10d4

vendor-advisory

FEDORA-2021-2ab6f060d9

vendor-advisory

FEDORA-2021-1769a23935

vendor-advisory

FEDORA-2021-b6b6093b3a

vendor-advisory

FEDORA-2021-067c9deff1

vendor-advisory

FEDORA-2021-0a8f3ffbc0

vendor-advisory

FEDORA-2021-a26257ccf5

vendor-advisory

vendor-advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1935913

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20210629-0003/

https://www.oracle.com/security-alerts/cpujan2022.html

[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.