{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2009-09-04T20:30:00Z",
  "id": "CVE-2009-2946",
  "details": "Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2009/dsa-1878"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209"
    },
    {
      "type": "WEB",
      "url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1"
    },
    {
      "type": "WEB",
      "url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0"
    }
  ]
}