CVE-2013-4409: Input Validation
First published: Mon Nov 04 2019(Updated: )
An eval() vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/ReviewBoard | <1.7.15 | 1.7.15 |
| pip/djblets | >=0.7.0<0.7.19 | 0.7.19 |
| pip/djblets | <0.6.30 | 0.6.30 |
| Reviewboard Djblets | =0.7.21 | |
| Reviewboard Review Board | <1.7.15 | |
| Fedoraproject Fedora | =18 | |
| Fedoraproject Fedora | =19 | |
| Fedoraproject Fedora | =20 | |
| Redhat Enterprise Linux | =6.0 | |
| debian/djblets | ||
| debian/python-django-djblets |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2013-4409
- https://access.redhat.com/security/cve/cve-2013-4409
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88059
- https://security-tracker.debian.org/tracker/CVE-2013-4409
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html
- http://www.securityfocus.com/bid/63029
- https://github.com/djblets/djblets/blob/release-0.7.19/NEWS
- https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15/
- https://github.com/advisories/GHSA-58h8-44mg-r43x (Advisory)
- https://github.com/djblets/djblets/commit/36cd15763742652ca990f913b44e91c69c707269
- collector/github-advisory-latest
- alias/GHSA-58h8-44mg-r43x
- alias/CVE-2013-4409
- collector/github-advisory
- collector/nvd-index
- collector/security-tracker-debian
- collector/nvd-cve
- agent/severity
- agent/references
- agent/tags
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- package-manager/pip
- vendor/reviewboard
- canonical/reviewboard djblets
- version/reviewboard djblets/0.7.21
- canonical/reviewboard review board
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/18
- version/fedoraproject fedora/19
- version/fedoraproject fedora/20
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- package-manager/debian