CVE-2019-7653

Опубликовано: 09 фев. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.

Ссылки

https://bugs.debian.org/921751
Exploit
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00019.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00026.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4535-1/
Third Party Advisory
https://bugs.debian.org/921751
Exploit
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00019.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00026.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4535-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rdflib_project:rdflib:4.2.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

EPSS

Процентиль: 77%

0.01001

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-427

Связанные уязвимости

CVE-2019-7653

CVSS3: 9.8

ubuntu

почти 7 лет назад

CVE-2019-7653

CVSS3: 9.8

debian

почти 7 лет назад

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CL ...

GHSA-34gp-mhv2-cg2f

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 77%

0.01001

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-427