102 matches found
GHSA-GMJ9-H825-CHQ2 try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
Impact Via a type confusion bug in the CPython interpreter when using try/except RestrictedPython could be bypassed. We believe this should be fixed upstream in Python itself until that we remove support for try/except from RestrictedPython. It has been fixed for some Python versions. Patches...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview RestrictedPython is a RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' due to a type confusion bu...
try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
Impact Via a type confusion bug in the CPython interpreter when using try/except RestrictedPython could be bypassed. We believe this should be fixed upstream in Python itself until that we remove support for try/except from RestrictedPython. It has been fixed for some Python versions. Patches...
a2grunnerp (>=0.1.0 <=0.1.8), agora-protocol (=0.2.0) +40 more potentially affected by CVE-2025-22153 via restrictedpython (>=6.0.0 <=7.4.0)
restrictedpython PYPI version =6.0.0, =0.1.0, =1.4.14, =0.1.1, =0.1.5, =0.1.0, =2.0.0b4, =0.38.0, =0.0.86, =0.0.42, =0.1.0, =0.1.24, =1.0.8 and more Source cves: CVE-2025-22153 Source advisory: SNYK:PYTHON-RESTRICTEDPYTHON-8660824...
a2grunnerp (>=0.1.0 <=0.1.8), agora-protocol (=0.2.0) +40 more potentially affected by CVE-2025-22153 via restrictedpython (>=6.0.0 <=7.4.0)
restrictedpython PYPI version =6.0.0, =0.1.0, =1.4.14, =0.1.1, =0.1.5, =0.1.0, =2.0.0b4, =0.38.0, =0.0.86, =0.0.42, =0.1.0, =0.1.24, =1.0.8 and more Source cves: CVE-2025-22153 Source advisory: OSV:GHSA-GMJ9-H825-CHQ2...
RestrictedPython 安全漏洞
RestrictedPython is an open source tool from Zope that helps define a subset of the Python language that allows program input to be provided to a trusted environment. A security vulnerability exists in RestrictedPython that stems from a type confusion error when using "try/except"...
Information Disclosure
RestrictedPython is vulnerable to Information Disclosure. The vulnerability is due to the combination of the AttributeError.obj and the string module, which allows unauthorized access to sensitive information within the RestrictedPython execution environment...
a2grunnerp (>=0.1.0 <=0.1.8), aimmo (>=0.4.0b3098 <=0.27.4b5229) +42 more potentially affected by CVE-2024-47532 via restrictedpython (>=4.0.0b4 <=7.2.0)
restrictedpython PYPI version =4.0.0b4, =0.1.0, =0.4.0b3098, =0.1.1, =1.0.0, =1.0.1, =0.1.1, =1.1.1, =2.0.0b4, =0.1.0, =0.3.4, =0.0.41, =0.1.0, =2.10.0, =2.19.0rc8 and more Source cves: CVE-2024-47532 Source advisory: OSV:GHSA-5RFV-66G4-JR8H...
GHSA-5RFV-66G4-JR8H RestrictedPython information leakage via `AttributeError.obj` and the `string` module
Impact A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. Patches The problem will be fixed in version 7.3. Workarounds If the application does not require access to the module string, it can remove it from...
PYSEC-2024-186
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...
CVE-2024-47532
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...
a2grunnerp (>=0.1.0 <=0.1.8), aimmo (>=0.4.0b3098 <=0.27.4b5229) +42 more potentially affected by CVE-2024-47532 via restrictedpython (>=4.0.0b4 <=7.2.0)
restrictedpython PYPI version =4.0.0b4, =0.1.0, =0.4.0b3098, =0.1.1, =1.0.0, =1.0.1, =0.1.1, =1.1.1, =2.0.0b4, =0.1.0, =0.3.4, =0.0.41, =0.1.0, =2.10.0, =2.19.0rc8 and more Source cves: CVE-2024-47532 Source advisory: OSV:PYSEC-2024-186...
DEBIAN-CVE-2024-47532
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...
UBUNTU-CVE-2024-47532
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...
CVE-2024-47532 RestrictedPython information leakage via `AttributeError.obj` and the `string` module
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...
CVE-2024-47532
CVE-2024-47532 affects RestrictedPython, a Python restricted-execution environment. The issue allows indirect access to protected information via AttributeError.obj and the string module. Fixed in RestrictedPython version 7.3. Workarounds include removing the string module from RestrictedPython.U...
CVE-2024-47532 RestrictedPython information leakage via `AttributeError.obj` and the `string` module
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...
CVE-2024-47532 RestrictedPython information leakage via `AttributeError.obj` and the `string` module
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...
RestrictedPython 信息泄露漏洞
RestrictedPython is a Zope open source tool that helps define a subset of the Python language that allows program input to be provided to a trusted environment. An information disclosure vulnerability exists in RestrictedPython versions prior to 7.3. An attacker exploiting this vulnerability coul...
Information disclosure in AccessControl
Impact Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown getattr and getitem, not the policy...