Vulnerability Details CVE-2009-2946
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209
- http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff&rev=1984&sc=1
- http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log&rev=0&sc=1&isdir=0
- http://www.debian.org/security/2009/dsa-1878
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209
- http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff&rev=1984&sc=1
- http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log&rev=0&sc=1&isdir=0
- http://www.debian.org/security/2009/dsa-1878
Products affected by CVE-2009-2946
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.0
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.1
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.2
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.3
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.4
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.5
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.6
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.7
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.13.8
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.14.1
-
cpe:2.3:a:devscripts_devel_team:devscripts:2.15.6
-
cpe:2.3:o:debian:linux:*