cbcvebase.
CVE-2009-0367
published 2009-03-05

CVE-2009-0367: The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted…

PriorityP359critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
10.94%
95.3th percentile
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.

Affected

19 ranges
VendorProductVersion rangeFixed in
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth
wesnothwesnoth

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.