{"id":"CVE-2021-23556","details":"The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.","aliases":["GHSA-7x48-7466-3g33","PYSEC-2022-165","SNYK-PYTHON-GUAKE-2386334"],"modified":"2026-04-10T04:30:27.258859Z","published":"2022-03-17T12:15:07.590Z","related":["SNYK-PYTHON-GUAKE-2386334"],"references":[{"type":"ADVISORY","url":"https://github.com/Guake/guake/releases"},{"type":"REPORT","url":"https://github.com/Guake/guake/issues/1796"},{"type":"FIX","url":"https://github.com/Guake/guake/pull/2017/commits/e3d671120bfe7ba28f50e256cc5e8a629781b888"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-PYTHON-GUAKE-2386334"},{"type":"FIX","url":"https://github.com/Guake/guake/pull/2017"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/guake/guake","events":[{"introduced":"0"},{"fixed":"c48caa7a39f511a617b9541b88ef59bab6a21264"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.8.5"}]}}],"versions":["0.3.0","0.4.0","0.4.1","0.4.2","0.4.3","0.4.4","0.8.10","0.8.11","0.8.9","3.0.0","3.0.0-a4","3.0.0.a4","3.0.0.a5","3.0.0.b1","3.0.0.b2","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.1.0","3.1.1","3.2.0","3.2.1","3.2.2","3.3.0","3.3.1","3.3.2","3.3.3","3.4.0","3.5.0","3.6.0","3.6.1","3.6.2","3.6.3","3.7.0","3.8.0","3.8.0.0rc1","3.8.0.0rc2","3.8.0.0rc3","3.8.1","3.8.2","3.8.2.0rc1","3.8.3","3.8.4","3.8.5.0rc1","3.8.5.0rc2","first_alpha_release"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23556.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}