{"id":"DEBIAN-CVE-2012-2085","details":"The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.","modified":"2026-04-28T20:11:50.320359Z","published":"2012-08-28T17:55:04.453Z","upstream":["CVE-2012-2085"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-2085"}],"affected":[{"package":{"name":"gajim","ecosystem":"Debian:11","purl":"pkg:deb/debian/gajim?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15-1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-2085.json"}},{"package":{"name":"gajim","ecosystem":"Debian:12","purl":"pkg:deb/debian/gajim?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15-1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-2085.json"}},{"package":{"name":"gajim","ecosystem":"Debian:13","purl":"pkg:deb/debian/gajim?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15-1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-2085.json"}},{"package":{"name":"gajim","ecosystem":"Debian:14","purl":"pkg:deb/debian/gajim?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.15-1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-2085.json"}}],"schema_version":"1.7.5"}