7.2
CVE-2008-3949
- EPSS 0.53%
- Veröffentlicht 22.09.2008 18:52:13
- Zuletzt bearbeitet 16.06.2026 22:56:52
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.404 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://secunia.com/advisories/34004
http://security.gentoo.org/glsa/glsa-200902-06.xml
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://secunia.com/advisories/31982
http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:216
http://www.securityfocus.com/bid/31052
https://bugzilla.novell.com/show_bug.cgi?id=424340
https://exchange.xforce.ibmcloud.com/vulnerabilities/45021