102 matches found
GHSA-8XV7-89VJ-Q48C Information disclosure in AccessControl
Impact: Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full-blown getattr and getitem, not the policy...
Information Disclosure
RestrictedPython is vulnerable to Information Disclosure. The vulnerability arises due to the format functionality in Python which allows someone controlling the format string to "read" data from objects, including sensitive information. This vulnerability could potentially allow an attacker to...
GHSA-XJW2-6JM9-RF67 Sandbox escape via various forms of "format".
Impact: Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With RestrictedPython, the format functionality is...
aimmo (>=0.4.0b3098 <=0.27.4b5229), battlehack20 (>=1.0.0 <=1.1.0) +6 more potentially affected by CVE-2023-41039 via restrictedpython (>=4.0.0b4 <=5.2.0)
restrictedpython PYPI version =4.0.0b4, =0.4.0b3098, =1.0.0, =1.0.1, =1.1.1, =0.1.0, =0.3.4, =0.0.41, =0.1047.0, =1.7.36 Source cves: CVE-2023-41039 Source advisory: OSV:GHSA-XJW2-6JM9-RF67...
a2grunnerp (>=0.1.0 <=0.1.8), dcicsnovault (>=2.0.0b4 <=2.0.0b7) +7 more potentially affected by CVE-2023-41039 via restrictedpython (>=6.0.0 <=6.1.0)
restrictedpython PYPI version =6.0.0, =0.1.0, =2.0.0b4, =0.0.42a3, =2.10.0, =2025.9.5, =0.8.2b36, =4.8.4, =4.8.11 Source cves: CVE-2023-41039 Source advisory: OSV:GHSA-XJW2-6JM9-RF67...
CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
DEBIAN-CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
aimmo (>=0.4.0b3098 <=0.27.4b5229), battlehack20 (>=1.0.0 <=1.1.0) +6 more potentially affected by CVE-2023-41039 via restrictedpython (>=4.0.0b4 <=5.2.0)
restrictedpython PYPI version =4.0.0b4, =0.4.0b3098, =1.0.0, =1.0.1, =1.1.1, =0.1.0, =0.3.4, =0.0.41, =0.1047.0, =1.7.36 Source cves: CVE-2023-41039 Source advisory: OSV:PYSEC-2023-159...
UBUNTU-CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
Format string
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
a2grunnerp (>=0.1.0 <=0.1.8), dcicsnovault (>=2.0.0b4 <=2.0.0b7) +7 more potentially affected by CVE-2023-41039 via restrictedpython (>=6.0.0 <=6.1.0)
restrictedpython PYPI version =6.0.0, =0.1.0, =2.0.0b4, =0.0.42a3, =2.10.0, =2025.9.5, =0.8.2b36, =4.8.4, =4.8.11 Source cves: CVE-2023-41039 Source advisory: OSV:PYSEC-2023-159...
PYSEC-2023-159
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
PYSEC-2023-159
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
CVE-2023-41039
CVE-2023-41039 affects RestrictedPython. The issue stems from Python’s string format/format_map inside RestrictedPython enabling a format string controller to read objects via recursive attribute lookup and subscription, causing potential information disclosure. All known RestrictedPython version...
CVE-2023-41039 Sandbox escape via various forms of "format" in RestrictedPython
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
CVE-2023-41039 Sandbox escape via various forms of "format" in RestrictedPython
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
CVE-2023-41039 Sandbox escape via various forms of "format" in RestrictedPython
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
RestrictedPython injection vulnerability
RestrictedPython is a tool that helps define a subset of the Python language that allows program input to be provided to a trusted environment. RestrictedPython suffers from an injection vulnerability that stems from the fact that Python's format function allows a person controlling a format stri...