CVE-2019-7653

Published: 09/02/2019 Updated: 06/04/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.

Vulnerable Product

rdflib project rdflib 4.2.2

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #921751: python-rdflib-tools: CVE-2019-7653: Code injection from current working directory. Package: python-rdflib-tools; Maintainer for python-rdflib-tools is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-rdflib-tools is src:rdflib (PTS, buildd, popcon) Re ...
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory ...