CVE-2013-4409 – reviewboard

Package

Manager: pip
Name: reviewboard
Vulnerable Version: >=0 <1.7.15

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01166 pctl0.77774

Details

ReviewBoard and Djblets library are vulnerable to code execution An eval() vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code.

Metadata

Created: 2022-05-05T00:29:00Z
Modified: 2024-09-20T16:54:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-58h8-44mg-r43x/GHSA-58h8-44mg-r43x.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-58h8-44mg-r43x
Finding: F184
Auto approve: 1