Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:10981
HistoryJan 15, 2019 - 8:55 a.m.

Arbitrary Code Execution

2019-01-1508:55:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3

0.0004 Low

EPSS

Percentile

9.8%

abrt is vulnerable to arbitrary code execution. The /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool does not sufficiently sanitize its environment variables, allowing arbitrary Python modules to be loaded and run from non-standard directories such as /tmp. A local attacker is able to execute arbitrary code by modifying the PYTHONPATH environment variable to reference a malicious Python module.

0.0004 Low

EPSS

Percentile

9.8%