Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. Reference: https://www.tenable.com/security/research/tra-2021-14 Upstream patch: https://github.com/python-babel/babel/pull/782
*** This bug has been marked as a duplicate of bug 1955615 ***
Moving the CVE alias to flaw bug 1955615 for easier tracking.