CVE-2013-4409

Published: Nov 4, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Affected (6)

Products: Reviewboard: Djblets, Review Board · Fedoraproject: Fedora · Redhat: Enterprise Linux

2 products

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Reviewboard Djblets	Version 0.7.21
Reviewboard Review Board	Before 1.7.15

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 18
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/63029

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/security/cve/cve-2013-4409

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/88059

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://security-tracker.debian.org/tracker/CVE-2013-4409

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html