3 matches found
CVE-2026-33139
PySpector is a static analysis security testing (SAST) framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validate_plugin_code function in plugin_system.py performs static AST analysis...
CVE-2026-33139
PySpector ≤ 0.1.6 is affected by a plugin sandbox bypass in plugin_system.py. The validate_plugin_code() static analysis only handles ast.Name and ast.Attribute; calls built via indirect function calls (e.g., getattr(os, 'system')) yield an ast.Call, causing resolve_name() to return None and bypa...
CVE-2026-33139
creationtimestamp | type | source
---|---|---
2026-03-17 13:53:17+00:00 | published-proof-of-concept | https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-v3xv-8vc3-h2m6
2026-03-20 19:16:48+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33139...