{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-26T19:41:47.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/bbangert/beaker/issues/191"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/05/14/11"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850105"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7489", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bbangert/beaker/issues/191", "refsource": "MISC", "url": "https://github.com/bbangert/beaker/issues/191"}, {"name": "https://www.openwall.com/lists/oss-security/2020/05/14/11", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/05/14/11"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1850105", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850105"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:09:16.993Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bbangert/beaker/issues/191"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2020/05/14/11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850105"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7489", "datePublished": "2020-06-26T19:41:47.000Z", "dateReserved": "2020-06-26T00:00:00.000Z", "dateUpdated": "2024-08-06T18:09:16.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:beakerbrowser:beaker:*:*:*:*:*:python:*:*", "matchCriteriaId": "F00F62FC-5ED4-4E5A-8180-B7FFA99C67BF", "versionEndIncluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution."}, {"lang": "es", "value": "La biblioteca Beaker versiones hasta 1.11.0 para Python, est\u00e1 afectada por una deserializaci\u00f3n de datos no confiables, lo que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "id": "CVE-2013-7489", "lastModified": "2024-11-21T02:01:08.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-26T20:15:11.760", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850105"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/bbangert/beaker/issues/191"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/14/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/bbangert/beaker/issues/191"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/14/11"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "python-beaker: Deserialization of Untrusted Data which can lead to Arbitrary code execution", "id": "1850105", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850105"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", "status": "draft"}, "cwe": "CWE-502", "details": ["The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.", "A flaw was found in python-beaker, where it is affected by the deserialization of untrusted data. This flaw allows an attacker to enter malicious payloads into the cache database (for example, if they are on the network and have credentials for the database), to perform remote code execution on the machine running Beaker, due to the deserialization of data from the cache database by Pickle."], "mitigation": {"lang": "en:us", "value": "Implementing proper access control on the Beaker cache database, to prevent unauthorized writes into the database, will mitigate exploitation of this flaw. This flaw also cannot be triggered if the Cache functionality of Beaker is not used. When using the Session feature of Beaker, use the signing functionality to verify the integrity of the data retrieved from the database before deserialization."}, "name": "CVE-2013-7489", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python-beaker", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "python-beaker", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-7489\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7489"], "threat_severity": "Moderate"}

{}