CVE-2015-1341
published 2019-04-22CVE-2015-1341: Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport…
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.18 | 2.14.1-0ubuntu3.18 |
| apport_project | apport | >= 0 < 2.19.2-0ubuntu1 | 2.19.2-0ubuntu1 |
| canonical | apport | < 2.19.2 | 2.19.2 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| ubuntu | apport | >= unspecified < 2.0.1-0ubuntu17.13 | 2.0.1-0ubuntu17.13 |
| ubuntu | apport | >= unspecified < 2.19.1-0ubuntu4 | 2.19.1-0ubuntu4 |
| ubuntu | apport | >= unspecified < 2.17.2-0ubuntu1.7 | 2.17.2-0ubuntu1.7 |
| ubuntu | apport | >= unspecified < 2.14.1-0ubuntu3.18 | 2.14.1-0ubuntu3.18 |
| ubuntu | apport | >= unspecified < 2.19.2 | 2.19.2 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH