4 matches found
PYSEC-2026-319 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...
GHSA-QXJP-W3PJ-48M7 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...
GHSA-3C4R-6P77-XWR7 PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...
PT-2026-31995
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI's AST-based Python sandbox can be bypassed using the type. getattribute trampoline, leading to arbitrary code execution when running untrusted agent code. The execute code direct functi...