CVE-2013-4409: Improper Input Validation in Review Board

Severity: 9.8 CRITICAL (NVD)
EPSS: 1.2% (top 21.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 4; latest update May 5

Description

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 6 packages

Also affects: Fedora 18, 19, 20, Enterprise Linux 6.0

🔴 Vulnerability Details (3)

GHSA: ReviewBoard and Djblets library are vulnerable to code execution (2022-05-05)
OSV: ReviewBoard and Djblets library are vulnerable to code execution (2022-05-05)
OSV: CVE-2013-4409: An eval() vulnerability exists in Python Software Foundation Djblets 0 (2019-11-04)

💬 Community (3)

Bugzilla: CVE-2013-4409 python-djblets: unsanitized eval() vulnerability [epel-6] (2013-10-10)
Bugzilla: CVE-2013-4409 python-djblets: unsanitized eval() vulnerability [fedora-all] (2013-10-10)
Bugzilla: CVE-2013-4409 python-djblets: unsanitized eval() vulnerability (2013-10-08)