CVE-2019-7653LOWCVSS 9.8fixed in rdflib 4.2.2-2 (bookworm)2019
CVE-2019-7653 [CRITICAL] CVE-2019-7653: rdflib - The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools th...
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.
Scope: local
bookworm: resolved (fixed in 4.2.2-2)
bullseye: re
debian