CVE-2013-4409
ReviewBoard and Djblets library are vulnerable to code execution
Severity: CRITICAL 9.8 | EPSS: 1.2%
Published: 5/5/2022 | Modified: 9/20/2024
Description
An eval() vulnerability exists in Python Software Foundation Djblets versions before 0.6.30 and 0.7.x before 0.7.19, and in Beanbag Review Board before 1.7.15: JSON request bodies are parsed with eval(), allowing an attacker to execute arbitrary Python code on the server.
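The following is an added illustration of the bug class named in the description, not Djblets' or Review Board's own code. It contrasts a decoder that "parses" JSON by handing the body to eval() with one that uses the standard json module, and adds a small check that flags request bodies which are not strict JSON. The sample request bodies and the function names are constructed for this example.

```python
import json

# Constructed sample request bodies (not from the advisory or the affected code).
# The first is valid JSON; the second is not JSON at all, but it is a valid
# Python expression, which is the distinction an eval()-based decoder never enforces.
VALID_JSON = '{"summary": "Fix typo", "reviewers": ["alice"]}'
PYTHON_EXPRESSION = '{"summary": "x", "count": (2 ** 10)}'


def parse_json_unsafe(body: str):
    """Vulnerable pattern (hypothetical, for illustration only): the request body is
    treated as Python source. Whatever expression the sender embeds is evaluated in
    the server process, which is the root cause class behind CVE-2013-4409."""
    return eval(body)  # deliberately unsafe; never do this with untrusted input


def parse_json_safe(body: str):
    """Hardened pattern: a real JSON decoder only builds data structures and raises
    json.JSONDecodeError (a ValueError subclass) on anything that is not JSON."""
    return json.loads(body)


def classify(body: str) -> str:
    """Return 'json' when the body is strict JSON and 'rejected' otherwise.

    Useful as a request-validation step or as a detection check in front of a
    service that cannot be upgraded yet: a body that json.loads rejects but an
    eval()-based decoder would accept is the signature of this bug being exercised.
    """
    try:
        json.loads(body)
        return "json"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    # Both decoders agree on well-formed JSON ...
    print(parse_json_unsafe(VALID_JSON) == parse_json_safe(VALID_JSON))
    # ... but only the eval()-based one executes the embedded expression.
    print(parse_json_unsafe(PYTHON_EXPRESSION)["count"])  # 1024: code ran
    print(classify(PYTHON_EXPRESSION))                     # rejected
```

The fix in the affected releases is to decode with a real JSON parser; the classify() check above is only a stopgap for spotting non-JSON bodies at the edge while the upgrade to the fixed versions listed under "Affected packages" is rolled out.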
Affected packages (3)
- PyPI/djblets: from 0, < 0.6.30
- PyPI/djblets: from 0, < 0.7.21
- PyPI/reviewboard: from 0, < 1.7.15
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (16)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2013-4409
- PATCH: https://github.com/djblets/djblets
- WEB: http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html
- WEB: http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html
- WEB: http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html
- WEB: http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html
- WEB: http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html
- WEB: https://access.redhat.com/security/cve/cve-2013-4409
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409
- WEB: https://exchange.xforce.ibmcloud.com/vulnerabilities/88059
- WEB: https://github.com/djblets/djblets/blob/release-0.7.19/NEWS
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/djblets/PYSEC-2019-175.yaml
- WEB: https://security-tracker.debian.org/tracker/CVE-2013-4409
- WEB: https://web.archive.org/web/20200228151135/https://www.securityfocus.com/bid/63029
- WEB: https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15
- WEB: http://www.securityfocus.com/bid/63029