Unrated severityNVD Advisory· Published Aug 24, 2022· Updated Dec 17, 2025

CVE-2021-4189

Description

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Affected products

111

Python/FTP client librarydescription
osv-coords110 versions
pkg:bitnami/libpython pkg:bitnami/python pkg:bitnami/python-min pkg:rpm/almalinux/babel pkg:rpm/almalinux/platform-python pkg:rpm/almalinux/platform-python-debug pkg:rpm/almalinux/platform-python-devel pkg:rpm/almalinux/python2 pkg:rpm/almalinux/python2-attrs pkg:rpm/almalinux/python2-babel pkg:rpm/almalinux/python2-backports pkg:rpm/almalinux/python2-backports-ssl_match_hostname pkg:rpm/almalinux/python2-bson pkg:rpm/almalinux/python2-chardet pkg:rpm/almalinux/python2-coverage pkg:rpm/almalinux/python2-Cython pkg:rpm/almalinux/python2-debug pkg:rpm/almalinux/python2-devel pkg:rpm/almalinux/python2-dns pkg:rpm/almalinux/python2-docs pkg:rpm/almalinux/python2-docs-info pkg:rpm/almalinux/python2-docutils pkg:rpm/almalinux/python2-funcsigs pkg:rpm/almalinux/python2-idna pkg:rpm/almalinux/python2-ipaddress pkg:rpm/almalinux/python2-jinja2 pkg:rpm/almalinux/python2-libs pkg:rpm/almalinux/python2-lxml pkg:rpm/almalinux/python2-markupsafe pkg:rpm/almalinux/python2-mock pkg:rpm/almalinux/python2-nose pkg:rpm/almalinux/python2-numpy pkg:rpm/almalinux/python2-numpy-doc pkg:rpm/almalinux/python2-numpy-f2py pkg:rpm/almalinux/python2-pip pkg:rpm/almalinux/python2-pip-wheel pkg:rpm/almalinux/python2-pluggy pkg:rpm/almalinux/python2-psycopg2 pkg:rpm/almalinux/python2-psycopg2-debug pkg:rpm/almalinux/python2-psycopg2-tests pkg:rpm/almalinux/python2-py pkg:rpm/almalinux/python2-pygments pkg:rpm/almalinux/python2-pymongo pkg:rpm/almalinux/python2-pymongo-gridfs pkg:rpm/almalinux/python2-PyMySQL pkg:rpm/almalinux/python2-pysocks pkg:rpm/almalinux/python2-pytest pkg:rpm/almalinux/python2-pytest-mock pkg:rpm/almalinux/python2-pytz pkg:rpm/almalinux/python2-pyyaml pkg:rpm/almalinux/python2-requests pkg:rpm/almalinux/python2-rpm-macros pkg:rpm/almalinux/python2-scipy pkg:rpm/almalinux/python2-setuptools pkg:rpm/almalinux/python2-setuptools_scm pkg:rpm/almalinux/python2-setuptools-wheel pkg:rpm/almalinux/python2-six pkg:rpm/almalinux/python2-sqlalchemy pkg:rpm/almalinux/python2-test pkg:rpm/almalinux/python2-tkinter pkg:rpm/almalinux/python2-tools pkg:rpm/almalinux/python2-urllib3 pkg:rpm/almalinux/python2-virtualenv pkg:rpm/almalinux/python2-wheel pkg:rpm/almalinux/python2-wheel-wheel pkg:rpm/almalinux/python3-idle pkg:rpm/almalinux/python3-libs pkg:rpm/almalinux/python3-test pkg:rpm/almalinux/python3-tkinter pkg:rpm/almalinux/python-nose-docs pkg:rpm/almalinux/python-psycopg2-doc pkg:rpm/almalinux/python-sqlalchemy-doc pkg:rpm/opensuse/python-base&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/python&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/python&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/python-doc&distro=openSUSE%20Leap%2015.3 pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3 pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2 pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/python-base&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-base&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3 pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3 pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2 pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/python&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/python-doc&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 3.6.0, < 3.6.14+ 109 more
- (no CPE)range: >= 3.6.0, < 3.6.14
- (no CPE)range: >= 3.6.0, < 3.6.14
- (no CPE)range: >= 3.6.0, < 3.6.14
- (no CPE)range: < 2.5.1-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.6.8-45.el8.alma
- (no CPE)range: < 3.6.8-45.el8.alma
- (no CPE)range: < 3.6.8-45.el8.alma
- (no CPE)range: < 2.7.18-10.module_el8.6.0+2781+fed64c13.alma
- (no CPE)range: < 17.4.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.5.1-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.5.0.1-12.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.7.0-1.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.0.4-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 4.5.1-4.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.28.1-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.18-10.module_el8.6.0+2781+fed64c13.alma
- (no CPE)range: < 2.7.18-10.module_el8.6.0+2781+fed64c13.alma
- (no CPE)range: < 1.15.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.16-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.16-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.14-12.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0.2-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0.18-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.10-9.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.18-10.module_el8.6.0+2781+fed64c13.alma
- (no CPE)range: < 4.2.3-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.23-19.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.0.0-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.3.7-31.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:1.14.2-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:1.14.2-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:1.14.2-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 9.0.3-19.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 9.0.3-19.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.6.0-8.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.5.3-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.2.0-22.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.7.0-1.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.7.0-1.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 0.8.0-10.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.6.8-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.4.2-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.9.0-4.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2017.2-12.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.12-16.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.20.0-3.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3-38.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.0.0-21.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 39.0.1-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.15.7-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 39.0.1-13.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.11.0-6.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.3.2-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.18-10.module_el8.6.0+2781+fed64c13.alma
- (no CPE)range: < 2.7.18-10.module_el8.6.0+2781+fed64c13.alma
- (no CPE)range: < 2.7.18-10.module_el8.6.0+2781+fed64c13.alma
- (no CPE)range: < 1.24.2-3.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 15.1.0-21.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:0.31.1-3.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1:0.31.1-3.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 3.6.8-45.el8.alma
- (no CPE)range: < 3.6.8-45.el8.alma
- (no CPE)range: < 3.6.8-45.el8.alma
- (no CPE)range: < 3.6.8-45.el8.alma
- (no CPE)range: < 1.3.7-31.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.5-7.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 1.3.2-2.module_el8.6.0+2781+fed64c13
- (no CPE)range: < 2.7.18-150000.38.2
- (no CPE)range: < 2.7.18-150000.38.1
- (no CPE)range: < 2.7.18-15.1
- (no CPE)range: < 2.7.18-150000.38.1
- (no CPE)range: < 3.4.10-25.85.1
- (no CPE)range: < 3.4.10-25.85.1
- (no CPE)range: < 3.4.10-25.85.1
- (no CPE)range: < 3.4.10-25.85.1
- (no CPE)range: < 3.4.10-25.85.2
- (no CPE)range: < 3.4.10-25.85.2
- (no CPE)range: < 3.4.10-25.85.2
- (no CPE)range: < 3.4.10-25.85.2
- (no CPE)range: < 2.7.18-150000.38.2
- (no CPE)range: < 2.7.18-150000.38.2
- (no CPE)range: < 2.7.18-150000.38.2
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-150000.38.1
- (no CPE)range: < 2.7.18-150000.38.1
- (no CPE)range: < 2.7.18-150000.38.1
- (no CPE)range: < 2.7.18-150000.38.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1
- (no CPE)range: < 2.7.18-33.8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000