Описание
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.25-4ubuntu1.1 |
| cosmic | ignored | end of life |
| devel | not-affected | 0.26 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | released | 0.25-4ubuntu0.14.04.1~esm1 |
| esm-infra/bionic | released | 0.25-4ubuntu1.1 |
| esm-infra/focal | not-affected | 0.26 |
| esm-infra/xenial | released | 0.25-4ubuntu0.16.04.1 |
| focal | not-affected | 0.26 |
Показывать по
5.1 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.
A code injection issue was discovered in PyXDG before 0.26 via crafted ...
5.1 Medium
CVSS2
7.5 High
CVSS3