CRITICAL 9.8

PYSEC-2026-524

ReviewBoard and Djblets library are vulnerable to code execution

상세

An eval() vulnerability exists in Python Software Foundation Djblets version before 0.6.30 and 0.7.0 before 0.7.19 and Beanbag Review Board before 1.7.15 when parsing JSON requests allowing an attacker to execute arbitrary Python code.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / reviewboard

최초 영향 버전: 0 수정 버전: 1.7.15

수정 pip install --upgrade 'reviewboard>=1.7.15'

참고

https://nvd.nist.gov/vuln/detail/CVE-2013-4409 [ADVISORY]
https://access.redhat.com/security/cve/cve-2013-4409 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409 [WEB]
https://exchange.xforce.ibmcloud.com/vulnerabilities/88059 [WEB]
https://github.com/djblets/djblets [PACKAGE]
https://github.com/djblets/djblets/blob/release-0.7.19/NEWS [WEB]
https://github.com/pypa/advisory-database/tree/main/vulns/djblets/PYSEC-2019-175.yaml [WEB]
https://security-tracker.debian.org/tracker/CVE-2013-4409 [WEB]
https://web.archive.org/web/20200228151135/https://www.securityfocus.com/bid/63029 [WEB]
https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.15 [WEB]
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html [WEB]
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html [WEB]
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html [WEB]
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html [WEB]
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html [WEB]
https://pypi.org/project/reviewboard [PACKAGE]
https://github.com/advisories/GHSA-58h8-44mg-r43x [ADVISORY]