PT-2019-6098 · Python+4 · Pyxdg+4
Published 2019-06-06 · Updated 2025-03-06 · CVE-2019-12761 · CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PyXDG versions prior to 0.26
Description
A code injection issue was discovered in PyXDG: xdg/Menu.py passes unsanitized input to an eval call. The issue can be triggered by crafted Python code placed in a Category element of a Menu XML document in a .menu file, when XDG_CONFIG_DIRS is set up so that the directory containing this file is parsed. Exploitation of this issue may allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations
For versions prior to 0.26, update to version 0.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the xdg/Menu.py module or avoiding the use of the eval function until a patch is available. Additionally, ensure that XDG_CONFIG_DIRS is properly configured to minimize the risk of exploitation.
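As an added example (not PyXDG's own code), the following shows the hardened approach the recommendation above calls for: Menu XML rules are evaluated by walking the parsed tree, so the text of a Category element is only ever compared as a string and never becomes part of an expression handed to eval. Rule semantics (Include and Or as OR, And as AND, Not as negated OR) follow my reading of the freedesktop menu specification; the category-name pattern and the sample .menu document are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Category names are matched as data, never interpreted. Names outside this
# pattern are rejected outright (constructed validation rule, an assumption).
_VALID_CATEGORY = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")


def rule_matches(node, categories):
    """Evaluate one rule element against a set of desktop-entry categories.

    Include and Or: any child matches; And: all children match;
    Not: no child matches. Category: literal string membership test.
    """
    tag = node.tag
    if tag == "Category":
        name = (node.text or "").strip()
        if not _VALID_CATEGORY.match(name):
            raise ValueError(f"invalid Category name: {name!r}")
        return name in categories
    children = list(node)
    if tag in ("Include", "Or"):
        return any(rule_matches(c, categories) for c in children)
    if tag == "And":
        return all(rule_matches(c, categories) for c in children)
    if tag == "Not":
        return not any(rule_matches(c, categories) for c in children)
    raise ValueError(f"unsupported rule element: {tag}")


def entry_included(menu_xml, categories):
    """True if the entry's categories satisfy any <Include> rule in the menu."""
    root = ET.fromstring(menu_xml)
    cats = set(categories)
    return any(rule_matches(inc, cats) for inc in root.iter("Include"))


# Constructed sample .menu document, not a file from the advisory.
SAMPLE_MENU = """<Menu>
  <Name>Applications</Name>
  <Include>
    <And><Category>Network</Category><Not><Category>Game</Category></Not></And>
  </Include>
</Menu>"""

if __name__ == "__main__":
    print(entry_included(SAMPLE_MENU, ["Network", "WebBrowser"]))  # True
    print(entry_included(SAMPLE_MENU, ["Network", "Game"]))  # False
```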
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Pyxdg
Suse
Ubuntu