Security
Security
A vulnerability in Babel could result in remote code execution.
| Package | dev-python/Babel on all architectures |
|---|---|
| Affected versions | < 2.9.1 |
| Unaffected versions | >= 2.9.1 |
Babel is a collection of tools for internationalizing Python applications.
Babel does not properly restrict which sources a locale can be loaded from. If Babel loads an attacker-controlled .dat file, arbitrary code execution can be achieved via unsafe Pickle deserialization.
An attacker with filesystem access and control over the locales Babel loads can achieve code execution.
There is no known workaround at this time.
All Babel users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-python/Babel-2.9.1"
Release date
August 04, 2022
Latest revision
August 04, 2022: 1
Severity
normal
Exploitable
remote
Bugzilla entries