Reviewboard Djblets vulnerabilities

CVE-2013-4409 [CRITICAL] CWE-20 CVE-2013-4409: An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

CVE-2014-3995 [MEDIUM] CWE-79 CVE-2014-3995: Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0. Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.

CVE-2014-3994 [MEDIUM] CWE-79 CVE-2014-3994: Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.