Homepage
About Snyk

pyxdg@0.21 vulnerabilities

PyXDG contains implementations of freedesktop.org standards in python.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pyxdg package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Command Execution

pyxdg contains implementations of freedesktop.org standards in python.

Affected versions of this package are vulnerable to Arbitrary Command Execution via the xdg.Menu.parse() function. When it is possible to craft an evil menu file with a Category node containing Python injected code. Then it is possible to update xdg_config_dirs with its location folder, the evil menu can be parsed and an attacker could exploit the vulnerability. This is due to a lack of sanitization in xdg/Menu.py. When the evil menu file is parsed, the injected code is executed because of an unsanitized eval().

How to fix Arbitrary Command Execution?

Upgrade pyxdg to version 0.26 or higher.

[,0.26)
Go back to all versions of this package