CVE-2019-7653

Priority
Description
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI
tools that can load Python modules from the current working directory,
allowing code injection, because "python -m" looks in this directory, as
demonstrated by rdf2dot. This issue is specific to use of the
debian/scripts directory.
Notes
mdeslaurpython-rdflib-tools binary package is in universe
Package
Upstream:needed
Ubuntu 18.04 LTS:needed
Ubuntu 20.04 LTS:not-affected (4.2.2-2)
Ubuntu 21.10:not-affected (4.2.2-2)
Ubuntu 22.04 LTS:not-affected (4.2.2-2)
Ubuntu 14.04 ESM:DNE (trusty was needs-triage)
Patches:
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2022-04-25 00:44:32 UTC (commit ecc1009cb19540b950de59270950018900f37f15)