In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
https://github.com/python/cpython/pull/25099
https://sick.codes/sick-2021-014
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
https://github.com/python/cpython/pull/12577
https://docs.python.org/3/library/ipaddress.html
https://bugs.python.org/issue36384
https://security.netapp.com/advisory/ntap-20210622-0003/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
Source: MITRE
Published: 2021-05-06
Updated: 2022-07-25
Type: NVD-CWE-Other
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL