[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-13012":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-07T21:11:43.830Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":64,"aliases":65,"duplicate_of":9,"upstream":66,"downstream":67,"duplicates":92,"related":93,"reserved_at":9,"published_at":99,"modified_at":100,"state":101,"summary":102,"references_raw":111,"kevs":171,"epss":172,"epss_history":175,"metrics":434,"affected":443},"CVE-2019-13012","The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-732","Incorrect Permission Assignment for Critical Resource","The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.","weakness","Draft","Class","High",[20,24,28,32,36,40,44,48,52,56,60],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[],{"id":25,"name":26,"techniques":27},"CAPEC-122","Privilege Abuse",[],{"id":29,"name":30,"techniques":31},"CAPEC-127","Directory Indexing",[],{"id":33,"name":34,"techniques":35},"CAPEC-17","Using Malicious Files",[],{"id":37,"name":38,"techniques":39},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[],{"id":41,"name":42,"techniques":43},"CAPEC-206","Signing Malicious Code",[],{"id":45,"name":46,"techniques":47},"CAPEC-234","Hijacking a privileged process",[],{"id":49,"name":50,"techniques":51},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[],{"id":53,"name":54,"techniques":55},"CAPEC-61","Session Fixation",[],{"id":57,"name":58,"techniques":59},"CAPEC-62","Cross Site Request Forgery",[],{"id":61,"name":62,"techniques":63},"CAPEC-642","Replace Binaries",[],[],[],[],[68,70,72,74,76,78,80,82,84,86,88,90],{"_key":69},"RHSA-2021:1586",{"_key":71},"DEBIAN-CVE-2019-13012",{"_key":73},"SUSE-SU-2019:1824-1",{"_key":75},"SUSE-SU-2019:1830-1",{"_key":77},"SUSE-SU-2019:1830-2",{"_key":79},"SUSE-SU-2019:1833-1",{"_key":81},"UBUNTU-CVE-2019-13012",{"_key":83},"USN-4049-1",{"_key":85},"USN-4049-2",{"_key":87},"OPENSUSE-SU-2019:1749-1",{"_key":89},"DLA-1866-1",{"_key":91},"DLA-1866-2",[],[94,95,96,97,98],{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":87},"2019-06-28T14:07:42.000Z","2024-08-04T23:41:09.239Z","Modified",{"cisa_kev":103,"cisa_ransomware":103,"cisa_vendor":9,"epss_severity":104,"epss_score":105,"severity":106,"severity_score":107,"severity_version":108,"severity_source":109,"severity_vector":110,"severity_status":101},false,"low",0.00842,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[112,119,124,129,135,139,144,149,155,159,163,167],{"url":113,"sources":114,"tags":116},"https://gitlab.gnome.org/GNOME/glib/issues/1658",[115,109],"cve.org",[117,118],"X Refsource MISC","Third Party Advisory",{"url":120,"sources":121,"tags":122},"https://gitlab.gnome.org/GNOME/glib/merge_requests/450",[115,109],[117,123,118],"Issue Tracking",{"url":125,"sources":126,"tags":127},"https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429",[115,109],[117,128,118],"Patch",{"url":130,"sources":131,"tags":132},"https://usn.ubuntu.com/4049-1/",[115,109],[133,134],"Vendor Advisory","X Refsource UBUNTU",{"url":136,"sources":137,"tags":138},"https://usn.ubuntu.com/4049-2/",[115,109],[133,134],{"url":140,"sources":141,"tags":142},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html",[115,109],[133,143],"X Refsource SUSE",{"url":145,"sources":146,"tags":147},"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12",[115,109],[148],"X Refsource CONFIRM",{"url":150,"sources":151,"tags":152},"https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html",[115,109],[153,154],"Mailing List","X Refsource MLIST",{"url":156,"sources":157,"tags":158},"https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html",[115,109],[153,154],{"url":160,"sources":161,"tags":162},"https://security.netapp.com/advisory/ntap-20190806-0003/",[115,109],[148],{"url":164,"sources":165,"tags":166},"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",[115,109],[153,154],{"url":168,"sources":169,"tags":170},"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",[115,109],[153,154],[],{"date":173,"score":105,"percentile":174},"2026-04-07",0.74691,[176,179,182,185,187,190,193,196,199,202,205,208,211,214,217,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,266,268,270,272,274,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,320,323,326,329,332,334,336,339,342,345,347,350,353,356,359,362,365,368,371,374,377,379,381,384,387,390,393,396,399,402,405,408,411,414,416,419,422,425,428,431],{"date":177,"score":105,"percentile":178},"2025-11-04",0.73994,{"date":180,"score":105,"percentile":181},"2025-11-05",0.73978,{"date":183,"score":105,"percentile":184},"2025-11-06",0.73976,{"date":186,"score":105,"percentile":178},"2025-11-07",{"date":188,"score":105,"percentile":189},"2025-11-08",0.73993,{"date":191,"score":105,"percentile":192},"2025-11-09",0.73988,{"date":194,"score":105,"percentile":195},"2025-11-10",0.73973,{"date":197,"score":105,"percentile":198},"2025-11-11",0.73977,{"date":200,"score":105,"percentile":201},"2025-11-12",0.73996,{"date":203,"score":105,"percentile":204},"2025-11-13",0.74003,{"date":206,"score":105,"percentile":207},"2025-11-14",0.74008,{"date":209,"score":105,"percentile":210},"2025-11-15",0.74005,{"date":212,"score":105,"percentile":213},"2025-11-16",0.74001,{"date":215,"score":105,"percentile":216},"2025-11-17",0.73992,{"date":218,"score":219,"percentile":220},"2025-11-18",0.01496,0.7946,{"date":222,"score":219,"percentile":223},"2025-11-19",0.79467,{"date":225,"score":219,"percentile":226},"2025-11-20",0.79473,{"date":228,"score":105,"percentile":229},"2025-11-21",0.74007,{"date":231,"score":105,"percentile":232},"2025-11-22",0.73999,{"date":234,"score":105,"percentile":235},"2025-11-23",0.73984,{"date":237,"score":105,"percentile":238},"2025-11-24",0.73982,{"date":240,"score":105,"percentile":241},"2025-11-25",0.73983,{"date":243,"score":105,"percentile":244},"2025-11-26",0.73987,{"date":246,"score":105,"percentile":247},"2025-11-27",0.73989,{"date":249,"score":105,"percentile":250},"2025-11-28",0.73979,{"date":252,"score":105,"percentile":253},"2025-11-29",0.73975,{"date":255,"score":105,"percentile":256},"2025-11-30",0.7397,{"date":258,"score":105,"percentile":259},"2025-12-01",0.74102,{"date":261,"score":105,"percentile":262},"2025-12-02",0.7411,{"date":264,"score":105,"percentile":265},"2025-12-03",0.74109,{"date":267,"score":105,"percentile":198},"2025-12-04",{"date":269,"score":105,"percentile":192},"2025-12-05",{"date":271,"score":105,"percentile":192},"2025-12-06",{"date":273,"score":105,"percentile":247},"2025-12-07",{"date":275,"score":105,"percentile":189},"2025-12-08",{"date":277,"score":105,"percentile":278},"2025-12-09",0.74023,{"date":280,"score":105,"percentile":281},"2025-12-10",0.74056,{"date":283,"score":105,"percentile":284},"2025-12-11",0.74071,{"date":286,"score":105,"percentile":287},"2025-12-12",0.74094,{"date":289,"score":105,"percentile":290},"2025-12-13",0.74099,{"date":292,"score":105,"percentile":293},"2025-12-14",0.74098,{"date":295,"score":105,"percentile":296},"2025-12-15",0.74101,{"date":298,"score":105,"percentile":299},"2025-12-16",0.74112,{"date":301,"score":105,"percentile":302},"2025-12-17",0.74123,{"date":304,"score":105,"percentile":305},"2025-12-18",0.74145,{"date":307,"score":105,"percentile":308},"2025-12-19",0.74161,{"date":310,"score":105,"percentile":311},"2025-12-20",0.74159,{"date":313,"score":105,"percentile":314},"2025-12-21",0.74152,{"date":316,"score":105,"percentile":317},"2025-12-22",0.74154,{"date":319,"score":105,"percentile":305},"2025-12-23",{"date":321,"score":105,"percentile":322},"2025-12-24",0.74157,{"date":324,"score":105,"percentile":325},"2025-12-25",0.74184,{"date":327,"score":105,"percentile":328},"2025-12-26",0.7418,{"date":330,"score":105,"percentile":331},"2025-12-27",0.74223,{"date":333,"score":105,"percentile":311},"2025-12-28",{"date":335,"score":105,"percentile":317},"2025-12-29",{"date":337,"score":105,"percentile":338},"2025-12-30",0.7417,{"date":340,"score":105,"percentile":341},"2025-12-31",0.74197,{"date":343,"score":105,"percentile":344},"2026-01-01",0.74339,{"date":346,"score":105,"percentile":344},"2026-01-02",{"date":348,"score":105,"percentile":349},"2026-01-03",0.7434,{"date":351,"score":105,"percentile":352},"2026-01-04",0.74207,{"date":354,"score":105,"percentile":355},"2026-01-05",0.742,{"date":357,"score":105,"percentile":358},"2026-01-06",0.74217,{"date":360,"score":105,"percentile":361},"2026-01-07",0.74224,{"date":363,"score":105,"percentile":364},"2026-01-08",0.74237,{"date":366,"score":105,"percentile":367},"2026-01-09",0.74243,{"date":369,"score":105,"percentile":370},"2026-01-10",0.74238,{"date":372,"score":105,"percentile":373},"2026-01-11",0.74226,{"date":375,"score":105,"percentile":376},"2026-01-12",0.74215,{"date":378,"score":105,"percentile":376},"2026-01-13",{"date":380,"score":105,"percentile":370},"2026-01-14",{"date":382,"score":105,"percentile":383},"2026-01-15",0.74247,{"date":385,"score":105,"percentile":386},"2026-01-16",0.74263,{"date":388,"score":105,"percentile":389},"2026-01-17",0.74259,{"date":391,"score":105,"percentile":392},"2026-01-18",0.74235,{"date":394,"score":105,"percentile":395},"2026-01-19",0.74225,{"date":397,"score":105,"percentile":398},"2026-01-20",0.7423,{"date":400,"score":105,"percentile":401},"2026-01-21",0.74233,{"date":403,"score":105,"percentile":404},"2026-01-22",0.74239,{"date":406,"score":105,"percentile":407},"2026-01-23",0.74268,{"date":409,"score":105,"percentile":410},"2026-01-24",0.74277,{"date":412,"score":105,"percentile":413},"2026-01-25",0.74261,{"date":415,"score":105,"percentile":389},"2026-01-26",{"date":417,"score":105,"percentile":418},"2026-01-27",0.74267,{"date":420,"score":105,"percentile":421},"2026-01-28",0.74278,{"date":423,"score":105,"percentile":424},"2026-01-29",0.74276,{"date":426,"score":105,"percentile":427},"2026-01-30",0.7428,{"date":429,"score":105,"percentile":430},"2026-01-31",0.74283,{"date":432,"score":105,"percentile":433},"2026-02-01",0.74404,[435],{"source":109,"cvss_v2_0":436,"cvss_v3_0":440,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":9,"vectorString":437,"impactScore":438,"exploitabilityScore":439},"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":107,"baseSeverity":441,"vectorString":110,"impactScore":442,"exploitabilityScore":439},"HIGH",6,[444],{"ecosystem":9,"name":445,"vendor":446,"product":445,"cpe_part":447,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":448},"glib","gnome","a",[449],{"version":450,"is_range":451,"range_type":452,"version_start":453,"version_start_type":454,"version_end":455,"version_end_type":456,"fixed_in":9},"gte2.0.0_lt2.59.1",true,"cpe","2.0.0","including","2.59.1","excluding"]