CVE-2019-12761: XML injection
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up so that xdg.Menu.parse parses the directory containing this file. The cause is a lack of sanitization in xdg/Menu.py before an eval call: the element text is spliced into a Python expression and evaluated, so an attacker who can place a .menu file where the parser reads it gets arbitrary code execution in any process that calls xdg.Menu.parse.
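The mechanism described above, as an added example that is not PyXDG's own code: a minimal menu rule builder in the vulnerable shape (element text formatted into Python source and handed to eval) next to a rewrite that assembles the same expression as an AST, so that Category text can only ever be a string constant. The .menu document, the Entry class, the environment-variable payload and all function names are constructed for this illustration; the real module's structure and the exact form of the upstream fix are not reproduced here.

```python
import ast
import os
import xml.etree.ElementTree as ET

# Constructed .menu fragment. The first <Category> is an ordinary value; the
# second is the kind of crafted text the advisory describes: it closes the
# quoted literal the vulnerable builder wraps it in and appends arbitrary
# Python. The payload only sets an environment variable so the effect is
# observable without touching the host.
MENU_XML = """<Menu>
  <Name>Applications</Name>
  <Include>
    <Category>Office</Category>
    <Category>x' in [] or __import__('os').environ.__setitem__('PYXDG_DEMO', 'hit') or 'x</Category>
  </Include>
</Menu>"""


class Entry:
    """Stand-in for a desktop entry with just the attributes the rules read."""

    def __init__(self, desktop_file_id, categories):
        self.DesktopFileID = desktop_file_id
        self.Categories = list(categories)


def build_rule_vulnerable(include_elem):
    """Pre-fix pattern: element text is spliced into Python source with
    string formatting, then compiled for eval(). Nothing escapes the text,
    so a quote inside <Category> terminates the literal."""
    parts = []
    for child in include_elem:
        text = child.text or ""
        if child.tag == "Category":
            parts.append("'%s' in entry.Categories" % text)
        elif child.tag == "Filename":
            parts.append("entry.DesktopFileID == '%s'" % text)
    return compile(" or ".join(parts) or "False", "<menu>", "eval")


def _entry_attr(name):
    # AST for `entry.<name>`
    return ast.Attribute(value=ast.Name(id="entry", ctx=ast.Load()),
                         attr=name, ctx=ast.Load())


def build_rule_safe(include_elem):
    """Hardened form: the same expression is assembled as an AST, so the
    element text becomes an ast.Constant node and can only ever be data."""
    terms = []
    for child in include_elem:
        text = child.text or ""
        if child.tag == "Category":
            terms.append(ast.Compare(left=ast.Constant(value=text), ops=[ast.In()],
                                     comparators=[_entry_attr("Categories")]))
        elif child.tag == "Filename":
            terms.append(ast.Compare(left=_entry_attr("DesktopFileID"), ops=[ast.Eq()],
                                     comparators=[ast.Constant(value=text)]))
    if not terms:
        body = ast.Constant(value=False)
    elif len(terms) == 1:
        body = terms[0]
    else:
        body = ast.BoolOp(op=ast.Or(), values=terms)
    tree = ast.fix_missing_locations(ast.Expression(body=body))
    return compile(tree, "<menu>", "eval")


def evaluate(builder, entry):
    """Parse MENU_XML, build the <Include> rule with `builder`, test `entry`
    against it, and report (matched, value of PYXDG_DEMO afterwards)."""
    os.environ.pop("PYXDG_DEMO", None)
    include = ET.fromstring(MENU_XML).find("Include")
    rule = builder(include)
    # Same namespace shape a menu parser would use: only `entry` plus builtins.
    matched = bool(eval(rule, {"entry": entry}))
    return matched, os.environ.get("PYXDG_DEMO")


if __name__ == "__main__":
    calc = Entry("calc.desktop", ["Utility"])
    print("vulnerable:", evaluate(build_rule_vulnerable, calc))  # side effect fires
    print("safe:      ", evaluate(build_rule_safe, calc))        # payload stays a string
```

Both builders reject the non-Office entry, but only the vulnerable one executes the call embedded in the second Category element; with the AST builder the crafted text is compared against the category list as an ordinary string. The deployment question this raises is who can write .menu files into the directories named by XDG_CONFIG_DIRS that xdg.Menu.parse will read.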