PT-2019-6947 · Beanbag · Review Board+1

Christian Hammond

Publicado

2019-11-04

Atualizado

2022-05-05

CVE-2013-4409

CVSS v4.0

9.3

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Djblets versions prior to 0.7.21 Beanbag Review Board versions prior to 1.7.15

Description The issue exists when parsing JSON requests, allowing an attacker to execute arbitrary Python code due to an eval() vulnerability.

Recommendations For Djblets versions prior to 0.7.21, update to version 0.7.21 or later to resolve the issue. For Beanbag Review Board versions prior to 1.7.15, update to version 1.7.15 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2013-4409

GHSA-58H8-44MG-R43X

PYSEC-2019-175

Produtos afetados

Djblets

Review Board

PT-2019-6947 · Beanbag · Review Board+1

CVE-2013-4409

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18