CVE-2024-47532

2024-09-3016:15:09

Debian Security Bug Tracker

security-tracker.debian.org

cve-2024-47532

restricted execution environment

python

unix

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

Confidence

Low

EPSS

Percentile

9.6%

JSON

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment.

OSVersionArchitecturePackageVersionFilename
Debian12allrestrictedpython<= 4.0~b3-3restrictedpython_4.0~b3-3_all.deb
Debian11allrestrictedpython<= 4.0~b3-2restrictedpython_4.0~b3-2_all.deb
Debian999allrestrictedpython<= 6.2-1restrictedpython_6.2-1_all.deb
Debian13allrestrictedpython<= 6.2-1restrictedpython_6.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	restrictedpython	<= 4.0~b3-3	restrictedpython_4.0~b3-3_all.deb
Debian	11	all	restrictedpython	<= 4.0~b3-2	restrictedpython_4.0~b3-2_all.deb
Debian	999	all	restrictedpython	<= 6.2-1	restrictedpython_6.2-1_all.deb
Debian	13	all	restrictedpython	<= 6.2-1	restrictedpython_6.2-1_all.deb