Unrated severity · OSV Advisory · Published Feb 9, 2019 · Updated Aug 4, 2024
CVE-2019-7653
Description
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.
Affected products
- Range: 4.2.2-1
References
- usn.ubuntu.com/4535-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- bugs.debian.org/921751 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/03/msg00019.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2021/12/msg00026.html (mitre, mailing-list, x_refsource_MLIST)