CVE-2019-12761
Description
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.645
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-1624,CVE-2019-12761 are fixed in Python-pyxdg 0.26 | Windows |
| python library to access freedesktop.org standards (USN-4700-1) python-xdg_0.25-4ubuntu1.1_all.deb | Linux |
| python library to access freedesktop.org standards (USN-4700-1) python-xdg_0.25-4ubuntu0.16.04.1_all.deb | Linux |
| python library to access freedesktop.org standards (USN-4700-1) python3-xdg_0.25-4ubuntu1.1_all.deb | Linux |
| python library to access freedesktop.org standards (USN-4700-1) python3-xdg_0.25-4ubuntu0.16.04.1_all.deb | Linux |
| Vulnerabilities CVE-2014-1624,CVE-2019-12761 are fixed in Python-pyxdg for linux 0.26 | Linux |
| Improper Control of Generation of Code (Code Injection) Vulnerability (CVE-2019-12761) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234