{"id":"PYSEC-2022-165","details":"The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of the execute_command and execute_command_by_uuid methods via the D-Bus interface, which makes it possible for a malicious user to run an arbitrary command via the D-Bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send D-Bus signals or run terminal commands.","aliases":["CVE-2021-23556","GHSA-7x48-7466-3g33","SNYK-PYTHON-GUAKE-2386334"],"modified":"2023-11-08T04:05:11.387134Z","published":"2022-03-17T12:15:00Z","references":[{"type":"WEB","url":"https://github.com/Guake/guake/pull/2017/commits/e3d671120bfe7ba28f50e256cc5e8a629781b888"},{"type":"WEB","url":"https://github.com/Guake/guake/pull/2017"},{"type":"WEB","url":"https://github.com/Guake/guake/releases"},{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-PYTHON-GUAKE-2386334"},{"type":"REPORT","url":"https://github.com/Guake/guake/issues/1796"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-7x48-7466-3g33"}],"affected":[{"package":{"name":"guake","ecosystem":"PyPI","purl":"pkg:pypi/guake"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.5"}]}],"versions":["3.0.0","3.0.0.0b2","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.1.0","3.1.1","3.2.0","3.2.1","3.2.1.dev35","3.2.2","3.3.0","3.3.1","3.3.2","3.3.3","3.4.0","3.5.0","3.6.0","3.6.1","3.6.2","3.6.3","3.7.0","3.8.2.0rc2.dev0","3.8.2.0rc3.dev0","3.8.3.dev0","3.8.4.dev0","3.8.5.0rc2","3.8.5.dev0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/guake/PYSEC-2022-165.yaml"}}],"schema_version":"1.7.3"}