CVE-2013-7050

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
devscripts_devel_teamdevscripts
𝑥
≤ 2.13.7
devscripts_devel_teamdevscripts
2.13.0
devscripts_devel_teamdevscripts
2.13.1
devscripts_devel_teamdevscripts
2.13.2
devscripts_devel_teamdevscripts
2.13.3
devscripts_devel_teamdevscripts
2.13.4
devscripts_devel_teamdevscripts
2.13.5
devscripts_devel_teamdevscripts
2.13.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
devscripts
bullseye
2.21.3+deb11u1
fixed
wheezy
not-affected
squeeze
not-affected
bookworm
2.23.4+deb12u1
fixed
sid
2.24.2
fixed
trixie
2.24.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
devscripts
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849
http://osvdb.org/100855
http://seclists.org/oss-sec/2013/q4/470
http://seclists.org/oss-sec/2013/q4/486
http://www.securityfocus.com/bid/64241
https://bugzilla.redhat.com/show_bug.cgi?id=1040266
https://exchange.xforce.ibmcloud.com/vulnerabilities/89666
http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849
http://osvdb.org/100855
http://seclists.org/oss-sec/2013/q4/470
http://seclists.org/oss-sec/2013/q4/486
http://www.securityfocus.com/bid/64241
https://bugzilla.redhat.com/show_bug.cgi?id=1040266
https://exchange.xforce.ibmcloud.com/vulnerabilities/89666