Vulnerability Monitor


CVE-2021-4189


A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library when operating in PASV (passive) mode. By default, the FTP client trusts the host returned in the PASV response. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to the FTP client scanning ports, which otherwise would not have been possible.


Published: 2022-08-24T16:15:09.827

Last Modified: 2025-11-03T22:15:54.013

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 5.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-252

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | python | python | < 3.6.14 | Yes |
| Application | python | python | < 3.7.11 | Yes |
| Application | python | python | < 3.8.9 | Yes |
| Application | python | python | < 3.9.3 | Yes |
| Application | python | python | 3.10.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | debian | debian_linux | 11.0 | Yes |
| Application | redhat | software_collections | - | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Application | netapp | ontap_select_deploy_administration_utility | - | Yes |

References