Lucene search

K
cve[email protected]CVE-2007-0404
HistoryJan 23, 2007 - 12:28 a.m.

CVE-2007-0404

2007-01-2300:28:00
web.nvd.nist.gov
28
cve-2007-0404
django 0.95
arbitrary command execution
shell metacharacters
security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.4%

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.

Affected configurations

NVD
Node
django_projectdjangoMatch0.95

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.4%