PT-2019-18684 · Debian+1 · Python-Rdflib-Tools+1

Published: 2019-02-09 · Updated: 2022-04-06 · CVE-2019-7653

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Debian python-rdflib-tools version 4.2.2-1

Description: The issue allows code injection due to the CLI tools loading Python modules from the current working directory. This is because the "python -m" command looks in this directory, as shown with rdf2dot. The problem is specific to the use of the debian/scripts directory.

Recommendations: For Debian python-rdflib-tools version 4.2.2-1, consider restricting access to the debian/scripts directory to minimize the risk of code injection until a fix is available. As a temporary workaround, avoid using the CLI tools from the current working directory.
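
A defensive check for the condition described above, as an added example (not code from this advisory or from rdflib): it lists entries in a working directory that Python would import in place of the installed package when a tool is started with "python -m". The module name `rdflib`, the helper names and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile

# File suffixes the import system can load as a module (subset, assumed for this example).
MODULE_SUFFIXES = (".py", ".pyc", ".so", ".pyd")


def shadowing_entries(directory, module_names):
    """Return entries in `directory` that would be imported instead of the
    installed modules when `python -m` puts that directory first on sys.path."""
    wanted = set(module_names)
    hits = []
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        if os.path.isdir(path):
            # A directory shadows a package only when its name matches exactly.
            if entry in wanted:
                hits.append(entry)
            continue
        # "rdflib.py" or "rdflib.cpython-38-x86_64-linux-gnu.so" -> stem "rdflib"
        stem = entry.split(".", 1)[0]
        if stem in wanted and entry.endswith(MODULE_SUFFIXES):
            hits.append(entry)
    return hits


def demo():
    """Build a constructed working directory and scan it for shadowing files."""
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed sample content: one shadowing file, three harmless entries.
        for name in ("rdflib.py", "notes.txt", "graph.ttl"):
            open(os.path.join(workdir, name), "w").close()
        os.mkdir(os.path.join(workdir, "rdflib.bak"))
        return shadowing_entries(workdir, ["rdflib"])


if __name__ == "__main__":
    print(demo())
```

Run the check against a directory before invoking the tools there. Python's isolated mode (`python -I -m ...`) keeps the current directory off `sys.path` altogether.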

Exploit

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related identifiers

CVE-2019-7653
DLA-1717-1
DLA-2861-1
USN-4535-1

Affected products

Ubuntu
Python-Rdflib-Tools