Astra Linux – Vulnerability in pyxdg
A code injection issue was discovered in PyXDG before version 0.26, through crafted Python code within a Category element of a Menu XML document in a .menu file. The XDG_CONFIG_DIRS setting must be configured to trigger the xdg.Menu.parse parsing within the directory containing this file. This issu...
USN-4700-1 pyxdg vulnerability
Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code...
caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2019-12761 via pyxdg (=0.25.0)
pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2019-12761 Source advisory: OSV:GHSA-R6V3-HPXJ-R8RV...
Code Injection
pyxdg is vulnerable to code injection. The vulnerability is due to lack of sanitization of xdg/Menu.py before an eval call, allowing an attacker to perform xdg.Menu.parse parsing within the directory containing this file by using malicious Python code via a Category element of a Menu XML docume...
caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2019-12761 via pyxdg (=0.25.0)
pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2019-12761 Source advisory: SNYK:PYTHON-PYXDG-174562...