
CVE-2019-12761 pyxdg

Package

Manager: pip
Name: pyxdg
Vulnerable Version: >=0 <0.26

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00536 (percentile 0.6663)

Details

Code Injection in PyXDG

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.
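A defensive audit for the condition described above, added here as an example (it is not code from PyXDG or from the advisory): it lists the .menu files reachable through XDG_CONFIG_DIRS and reports Category values that are not plain category tokens. The function names, the allowlist pattern and the sample document are assumptions made for illustration; the `menus` subdirectory follows the Desktop Menu Specification layout.

```python
import os
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumed allowlist for category tokens such as "AudioVideo" or "X-Example-Tools".
SAFE_CATEGORY = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]*")

# Constructed sample menu document: two ordinary categories and one that is not a token.
SAMPLE = """<Menu><Name>Applications</Name>
<Include><And><Category>AudioVideo</Category>
<Category>X-Example-Tools</Category>
<Category>not a (plain) "token"</Category></And></Include></Menu>"""


def suspicious_categories(menu_xml: str) -> list[str]:
    """Return <Category> values that fail the allowlist (empty values included)."""
    # ElementTree does not fetch external entities; prefer a hardened parser
    # if the files may also be hostile at the XML level.
    root = ET.fromstring(menu_xml)
    values = [(el.text or "").strip() for el in root.iter("Category")]
    return [v for v in values if not SAFE_CATEGORY.fullmatch(v)]


def menu_files(config_dirs: str) -> list[Path]:
    """List *.menu files under <dir>/menus for each colon-separated entry."""
    found = []
    for entry in filter(None, config_dirs.split(":")):
        found.extend(sorted(Path(entry, "menus").glob("*.menu")))
    return found


def audit(config_dirs: str) -> dict[str, list[str]]:
    """Map each menu file needing review to its offending Category values."""
    report = {}
    for path in menu_files(config_dirs):
        try:
            bad = suspicious_categories(path.read_text(encoding="utf-8"))
        except (ET.ParseError, OSError, UnicodeDecodeError) as exc:
            bad = [f"<unreadable: {type(exc).__name__}>"]
        if bad:
            report[str(path)] = bad
    return report


if __name__ == "__main__":
    print(suspicious_categories(SAMPLE))
    print(audit(os.environ.get("XDG_CONFIG_DIRS", "/etc/xdg")))
```

The scan only points at files worth reviewing; moving to a PyXDG release outside the vulnerable range listed above (0.26 or later) is what removes the exposure.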

Metadata

Created: 2019-06-07T20:56:27Z
Modified: 2024-10-15T16:41:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-r6v3-hpxj-r8rv/GHSA-r6v3-hpxj-r8rv.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-r6v3-hpxj-r8rv
Finding: F416
Auto approve: 1