Unrated severityNVD Advisory· Published May 20, 2021· Updated Dec 18, 2025
CVE-2021-3426
CVE-2021-3426
Description
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
Affected products
132- Python/Pythondescription
- osv-coords131 versionspkg:bitnami/libpythonpkg:bitnami/pythonpkg:bitnami/python-minpkg:rpm/almalinux/platform-pythonpkg:rpm/almalinux/platform-python-debugpkg:rpm/almalinux/platform-python-develpkg:rpm/almalinux/python38-asn1cryptopkg:rpm/almalinux/python38-atomicwritespkg:rpm/almalinux/python38-attrspkg:rpm/almalinux/python38-babelpkg:rpm/almalinux/python38-cffipkg:rpm/almalinux/python38-chardetpkg:rpm/almalinux/python38-cryptographypkg:rpm/almalinux/python38-Cythonpkg:rpm/almalinux/python38-idnapkg:rpm/almalinux/python38-jinja2pkg:rpm/almalinux/python38-markupsafepkg:rpm/almalinux/python38-mod_wsgipkg:rpm/almalinux/python38-more-itertoolspkg:rpm/almalinux/python38-numpypkg:rpm/almalinux/python38-numpy-docpkg:rpm/almalinux/python38-numpy-f2pypkg:rpm/almalinux/python38-packagingpkg:rpm/almalinux/python38-pluggypkg:rpm/almalinux/python38-plypkg:rpm/almalinux/python38-psutilpkg:rpm/almalinux/python38-psycopg2pkg:rpm/almalinux/python38-psycopg2-docpkg:rpm/almalinux/python38-psycopg2-testspkg:rpm/almalinux/python38-pypkg:rpm/almalinux/python38-pycparserpkg:rpm/almalinux/python38-PyMySQLpkg:rpm/almalinux/python38-pyparsingpkg:rpm/almalinux/python38-pysockspkg:rpm/almalinux/python38-pytestpkg:rpm/almalinux/python38-pytzpkg:rpm/almalinux/python38-pyyamlpkg:rpm/almalinux/python38-requestspkg:rpm/almalinux/python38-scipypkg:rpm/almalinux/python38-setuptoolspkg:rpm/almalinux/python38-setuptools-wheelpkg:rpm/almalinux/python38-sixpkg:rpm/almalinux/python38-urllib3pkg:rpm/almalinux/python38-wcwidthpkg:rpm/almalinux/python38-wheelpkg:rpm/almalinux/python38-wheel-wheelpkg:rpm/almalinux/python39-attrspkg:rpm/almalinux/python39-cffipkg:rpm/almalinux/python39-chardetpkg:rpm/almalinux/python39-cryptographypkg:rpm/almalinux/python39-Cythonpkg:rpm/almalinux/python39-idnapkg:rpm/almalinux/python39-iniconfigpkg:rpm/almalinux/python39-mod_wsgipkg:rpm/almalinux/python39-more-itertoolspkg:rpm/almalinux/python39-numpypkg:rpm/almalinux/python39-numpy-docpkg:rpm/almalinux/python39-numpy-f2pypkg:rpm/almalinux/python39-packagingpkg:rpm/almalinux/python39-pluggypkg:rpm/almalinux/python39-plypkg:rpm/almalinux/python39-psutilpkg:rpm/almalinux/python39-psycopg2pkg:rpm/almalinux/python39-psycopg2-docpkg:rpm/almalinux/python39-psycopg2-testspkg:rpm/almalinux/python39-pypkg:rpm/almalinux/python39-pycparserpkg:rpm/almalinux/python39-PyMySQLpkg:rpm/almalinux/python39-pyparsingpkg:rpm/almalinux/python39-pysockspkg:rpm/almalinux/python39-pytestpkg:rpm/almalinux/python39-pyyamlpkg:rpm/almalinux/python39-requestspkg:rpm/almalinux/python39-scipypkg:rpm/almalinux/python39-setuptoolspkg:rpm/almalinux/python39-setuptools-wheelpkg:rpm/almalinux/python39-sixpkg:rpm/almalinux/python39-tomlpkg:rpm/almalinux/python39-urllib3pkg:rpm/almalinux/python39-wcwidthpkg:rpm/almalinux/python39-wheelpkg:rpm/almalinux/python39-wheel-wheelpkg:rpm/almalinux/python3-idlepkg:rpm/almalinux/python3-testpkg:rpm/almalinux/python3-tkinterpkg:rpm/opensuse/python310&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python311&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python312&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python313&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python314&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python315&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python36&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python38&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python39&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python3-core&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python3-documentation&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/python36-core&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python36-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python3-core&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/python3-core&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/python3&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
< 2.7.18+ 130 more
- (no CPE)range: < 2.7.18
- (no CPE)range: < 2.7.18
- (no CPE)range: < 2.7.18
- (no CPE)range: < 3.6.8-41.el8.alma
- (no CPE)range: < 3.6.8-41.el8
- (no CPE)range: < 3.6.8-41.el8
- (no CPE)range: < 1.2.0-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.3.0-8.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 19.3.0-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.7.0-11.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.13.2-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 3.0.4-19.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.8-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 0.29.14-4.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.8-6.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.10.3-5.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.1.1-6.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 4.6.8-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 7.2.0-5.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.17.3-6.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.17.3-6.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.17.3-6.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 19.2-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 0.13.0-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 3.11-10.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 5.6.4-4.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.8.4-4.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.8.4-4.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.8.4-4.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.8.0-8.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.19-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 0.10.1-1.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.4.5-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.7.1-4.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 4.6.6-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2019.3-3.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 5.4.1-1.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 2.22.0-9.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.3.1-4.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 41.6.0-5.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 41.6.0-5.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.12.0-10.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 1.25.7-5.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 0.1.7-16.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 0.33.6-6.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 0.33.6-6.module_el8.6.0+2778+cd494b30
- (no CPE)range: < 20.3.0-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.14.3-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.0.4-19.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.3.1-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 0.29.21-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.10-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.1.1-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 4.7.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 8.5.0-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 20.4-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 0.13.1-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.11-10.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 5.8.0-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.8.6-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.8.6-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.8.6-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.10.0-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.20-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 0.10.1-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.4.7-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.7.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 6.0.2-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 5.4.1-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.25.0-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.5.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 50.3.2-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 50.3.2-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.15.0-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 0.10.1-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.25.10-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 0.2.5-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1:0.35.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1:0.35.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.6.8-41.el8
- (no CPE)range: < 3.6.8-41.el8
- (no CPE)range: < 3.6.8-41.el8.alma
- (no CPE)range: < 3.10.0rc1-4.2
- (no CPE)range: < 3.11.0b1-1.1
- (no CPE)range: < 3.12.0a7-1.1
- (no CPE)range: < 3.13.0~b3-1.1
- (no CPE)range: < 3.14.0~a1-1.1
- (no CPE)range: < 3.15.0~a1-1.1
- (no CPE)range: < 3.6.15-1.1
- (no CPE)range: < 3.8.12-1.2
- (no CPE)range: < 3.9.7-2.1
- (no CPE)range: < 3.6.15-10.9.1
- (no CPE)range: < 3.6.15-10.9.1
- (no CPE)range: < 3.6.15-10.9.1
- (no CPE)range: < 3.6.13-4.39.1
- (no CPE)range: < 3.6.13-4.39.1
- (no CPE)range: < 3.6.13-4.39.1
- (no CPE)range: < 3.6.13-4.39.1
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.13-3.81.1
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.13-3.81.1
- (no CPE)range: < 3.6.13-3.81.1
- (no CPE)range: < 3.6.13-3.81.1
- (no CPE)range: < 3.6.13-3.81.1
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.3
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.13-3.81.2
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.13-3.81.2
- (no CPE)range: < 3.6.13-3.81.2
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.15-3.91.4
- (no CPE)range: < 3.6.15-3.91.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/mitrevendor-advisory
- security.gentoo.org/glsa/202104-04mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2021/04/msg00005.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2023/06/msg00039.htmlmitremailing-list
- bugzilla.redhat.com/show_bug.cgimitre
- security.netapp.com/advisory/ntap-20210629-0003/mitre
- www.oracle.com/security-alerts/cpujan2022.htmlmitre
- www.oracle.com/security-alerts/cpuoct2021.htmlmitre
News mentions
0No linked articles in our index yet.