Search for vulnerabilities
Vulnerability details: VCID-3b2a-xekj-aaam
Vulnerability ID VCID-3b2a-xekj-aaam
Aliases CVE-2007-0404
GHSA-qc99-g3wm-hgxr
Summary bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual HIGH http://code.djangoproject.com/changeset/3592
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.0055 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00735 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00735 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00735 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00735 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
epss 0.01144 https://api.first.org/data/v1/epss?cve=CVE-2007-0404
generic_textual HIGH https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519
generic_textual HIGH http://secunia.com/advisories/23826
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/31627
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-qc99-g3wm-hgxr
cvssv3.1 3.7 https://github.com/django/django
generic_textual HIGH https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
generic_textual HIGH https://github.com/django/django/commit/518d406e53
generic_textual HIGH https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2007-0404
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2007-0404
generic_textual HIGH http://www.securityfocus.com/bid/22134
Reference id Reference type URL
http://code.djangoproject.com/changeset/3592
https://api.first.org/data/v1/epss?cve=CVE-2007-0404
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0404
http://secunia.com/advisories/23826
https://exchange.xforce.ibmcloud.com/vulnerabilities/31627
https://github.com/django/django
https://github.com/django/django/commit/518d406e53
https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e
http://www.securityfocus.com/bid/22134
407786 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407786
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
CVE-2007-0404 https://nvd.nist.gov/vuln/detail/CVE-2007-0404
GHSA-qc99-g3wm-hgxr https://github.com/advisories/GHSA-qc99-g3wm-hgxr
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-0404
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.65346
EPSS Score 0.0055
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.