CVE-2009-0367

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
wesnothwesnoth
1.4
wesnothwesnoth
1.4.1
wesnothwesnoth
1.4.2
wesnothwesnoth
1.4.3
wesnothwesnoth
1.4.4
wesnothwesnoth
1.4.5
wesnothwesnoth
1.4.6
wesnothwesnoth
1.4.7
wesnothwesnoth
1.5.0
wesnothwesnoth
1.5.1
wesnothwesnoth
1.5.2
wesnothwesnoth
1.5.3
wesnothwesnoth
1.5.4
wesnothwesnoth
1.5.5
wesnothwesnoth
1.5.6
wesnothwesnoth
1.5.7
wesnothwesnoth
1.5.8
wesnothwesnoth
1.5.9
wesnothwesnoth
1.5.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wesnoth
intrepid
Fixed 1:1.4.5-1ubuntu0.2
released
hardy
Fixed 1:1.4-1ubuntu0.1
released
gutsy
Fixed 1.2.6-1ubuntu2.5
released
dapper
not-affected
Common Weakness Enumeration