Eval Vulnerability in Djblets and Beanbag Review Board by Python Software Foundation
CVE-2013-4409
9.8 CRITICAL
Key Information:
- Status
- Vendor
- CVE Published: 4 November 2019
Summary
An eval vulnerability exists in version 0.7.21 of Djblets and in all versions of Beanbag Review Board prior to 1.7.15. The vulnerability occurs during the parsing of JSON requests, potentially allowing an attacker to execute arbitrary code within the application context. Proper validation and sanitization of input data are essential to mitigate the risks associated with this vulnerability.
Affected Version(s)
Djblets 0.7.21
Review Board before 1.7.15
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved