PT-2019-18684 · Debian+1 · Python-Rdflib-Tools+1

Published: 2019-02-09 · Updated: 2022-04-06 · CVE-2019-7653

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Debian python-rdflib-tools version 4.2.2-1

Description

The issue allows code injection because the CLI tools load Python modules from the current working directory: the "python -m" command searches this directory, as shown with rdf2dot. The problem is specific to the use of the debian/scripts directory.

Recommendations

For Debian python-rdflib-tools version 4.2.2-1, consider restricting access to the debian/scripts directory to minimize the risk of code injection until a fix is available. As a temporary workaround, avoid using the CLI tools from the current working directory.
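
An added example (not from the advisory or from the Debian package): a pre-flight check that lists entries in a working directory which "python -m" would import ahead of the installed library, as the description explains. The top-level package name `rdflib` and the helper names are assumptions, and the sample directories are constructed.

```python
import os
import tempfile

# Assumption: the CLI wrappers run modules under the top-level package "rdflib".
DEFAULT_NAMES = ("rdflib",)


def find_shadowing(cwd, names=DEFAULT_NAMES):
    """Return entries in cwd that would be imported before the installed
    copy when a tool is started with "python -m" from that directory."""
    hits = []
    for name in names:
        # A plain module file (source or sourceless bytecode) wins outright.
        for suffix in (".py", ".pyc"):
            path = os.path.join(cwd, name + suffix)
            if os.path.isfile(path):
                hits.append(path)
        # A directory only beats an installed package if it is a regular
        # package, i.e. it carries an __init__ file.
        pkg = os.path.join(cwd, name)
        inits = ("__init__.py", "__init__.pyc")
        if any(os.path.isfile(os.path.join(pkg, f)) for f in inits):
            hits.append(pkg)
    return hits


def demo():
    """Build constructed sample directories and return findings per case."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "clean": ["data.ttl"],            # only an RDF input file
            "module": ["rdflib.py"],          # single-file shadow
            "package": ["rdflib/__init__.py"],  # package shadow
            "emptydir": ["rdflib/notes.txt"],   # directory without __init__
        }
        for case, files in layout.items():
            base = os.path.join(root, case)
            for rel in files:
                target = os.path.join(base, rel)
                os.makedirs(os.path.dirname(target), exist_ok=True)
                open(target, "w").close()
            found = find_shadowing(base)
            results[case] = [os.path.relpath(p, base) for p in found]
    return results


if __name__ == "__main__":
    for case, found in demo().items():
        print(case, "->", found or "nothing shadows the installed package")
```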

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2019-7653
DLA-1717-1
DLA-2861-1
USN-4535-1

Affected Products

Ubuntu
Python-Rdflib-Tools