CVE-2013-4409

CRITICAL

Djblets < 0.6.30 and Review Board < 1.7.15 - Remote Code Execution via JSON Request Parsing

Title source: llm
STIX 2.1

Description

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

References (10)

Core 10
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2013-4409
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/63029
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/88059

Scores

CVSS v3 9.8
EPSS 0.0304
EPSS Percentile 86.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (8)
fedoraproject/fedora 18
fedoraproject/fedora 19
fedoraproject/fedora 20
pypi/djblets 0 - 0.6.30PyPI
pypi/ReviewBoard 0 - 1.7.15PyPI
redhat/enterprise_linux 6.0
reviewboard/djblets 0.7.21
reviewboard/review_board < 1.7.15
Published Nov 04, 2019
Tracked Since Feb 18, 2026