CVE-2013-4409
CRITICAL 9.8 | EPSS 1.2%
ReviewBoard and Djblets library are vulnerable to code execution
Published: 2022/5/5 | Modified: 2024/9/20
Description
An eval() vulnerability exists in Python Software Foundation Djblets versions before 0.6.30 and 0.7.0 before 0.7.19, and in Beanbag Review Board before 1.7.15, when parsing JSON requests, allowing an attacker to execute arbitrary Python code.
Affected packages (3)
- PyPI/djblets: from 0, < 0.6.30
- PyPI/djblets: from 0, < 0.7.21
- PyPI/reviewboard: from 0, < 1.7.15
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Reference links (16)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4409
- PATCH https://github.com/djblets/djblets
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html
- WEB https://access.redhat.com/security/cve/cve-2013-4409
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409
- WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/88059
- WEB https://github.com/djblets/djblets/blob/release-0.7.19/NEWS
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/djblets/PYSEC-2019-175.yaml
- WEB https://security-tracker.debian.org/tracker/CVE-2013-4409
- WEB https://web.archive.org/web/20200228151135/https://www.securityfocus.com/bid/63029
- WEB https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15
- WEB http://www.securityfocus.com/bid/63029