Skip to content
This repository was archived by the owner on Jan 5, 2026. It is now read-only.

Component Governance CVE-2021-42771 Py babel update#1826

Merged
BruceHaley merged 4 commits into
mainfrom
bruce/pybabelupdate10-25
Oct 26, 2021
Merged

Component Governance CVE-2021-42771 Py babel update#1826
BruceHaley merged 4 commits into
mainfrom
bruce/pybabelupdate10-25

Conversation

@BruceHaley

@BruceHaley BruceHaley commented Oct 26, 2021

Copy link
Copy Markdown
Contributor

Fixes #minor

Description

Component Governance microsoft/BotBuilder-Samples CVE-2021-42771 severity high
https://dev.azure.com/FuseLabs/SDK_v4/_componentGovernance/112465/alert/6028631?typeId=4354877
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
babel 2.7.0
/s/samples/python/05.multi-turn-prompt/requirements.txt
botbuilder-dialogs 4.14.0
Upgrade babel from 2.7.0 to 2.9.1 to fix the vulnerability.

Specific Changes

Upgrade babel from 2.7.0 to 2.9.1 in setup.py.

Fix outdated agent pool in pipeline.

@BruceHaley

Copy link
Copy Markdown
Contributor Author

/azp run

@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants