OSV:GHSA-58H8-44MG-R43X
May 05, 2022 - 12:29 a.m.

ReviewBoard and Djblets library are vulnerable to code execution

2022-05-05 00:29:00
Google
osv.dev
reviewboard
djblets
vulnerable
code execution
python software foundation
eval() vulnerability
json requests
arbitrary python code

EPSS: 0.016 (percentile: 87.6%)

An eval() vulnerability exists in Python Software Foundation Djblets versions before 0.6.30 and 0.7.0 before 0.7.19, and in Beanbag Review Board before 1.7.15, when parsing JSON requests, allowing an attacker to execute arbitrary Python code.