Lucene search

K
prionPRIOn knowledge basePRION:CVE-2007-0404
HistoryJan 23, 2007 - 12:28 a.m.

Design/Logic Flaw

2007-01-2300:28:00
PRIOn knowledge base
www.prio-n.com
3

AI Score

7.7

Confidence

High

EPSS

0.01

Percentile

83.4%

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.

CPENameOperatorVersion
djangoeq0.95

AI Score

7.7

Confidence

High

EPSS

0.01

Percentile

83.4%