CVE-2012-2085
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
28/08/2012
Last modified:
11/04/2025
Description
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:* | 0.14.4 (including) | |
| cpe:2.3:a:gajim:gajim:0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.11.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.11.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.11.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.11.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.12.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.12.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.12.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.12.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gajim:gajim:0.12.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/48708
- http://secunia.com/advisories/48794
- http://security.gentoo.org/glsa/glsa-201208-04.xml
- http://www.openwall.com/lists/oss-security/2012/04/08/1
- http://www.openwall.com/lists/oss-security/2012/04/08/2
- http://www.securityfocus.com/bid/52943
- https://trac.gajim.org/changeset/bc296e96ac10
- https://trac.gajim.org/ticket/7031
- http://secunia.com/advisories/48708
- http://secunia.com/advisories/48794
- http://security.gentoo.org/glsa/glsa-201208-04.xml
- http://www.openwall.com/lists/oss-security/2012/04/08/1
- http://www.openwall.com/lists/oss-security/2012/04/08/2
- http://www.securityfocus.com/bid/52943
- https://trac.gajim.org/changeset/bc296e96ac10
- https://trac.gajim.org/ticket/7031