102 matches found
Arbitrary Code Execution
restrictedpython is vulnerable to Arbitrary Code Execution. The vulnerability exists because it does not properly restrict access to stack frames and attributes which allows an attacker to access the RestrictedPython environment and create code that receives the current stack frame from a...
Frappe Framework 13.4.0 Remote Code Execution
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...
CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
Default configuration
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
PYSEC-2023-118
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
UBUNTU-CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
aimmo (>=0.4.0b3098 <=0.27.4b5229), battlehack20 (>=1.0.0 <=1.1.0) +6 more potentially affected by CVE-2023-37271 via restrictedpython (>=4.0.0b4 <=5.2.0)
restrictedpython PYPI version =4.0.0b4, =0.4.0b3098, =1.0.0, =1.0.1, =1.1.1, =0.1.0, =0.3.4, =0.0.41, =0.1047.0, =1.7.36 Source cves: CVE-2023-37271 Source advisory: OSV:PYSEC-2023-118...
PYSEC-2023-118
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
CVE-2023-37271 RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
CVE-2023-37271 RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
CVE-2023-37271
CVE-2023-37271 concerns RestrictedPython, a tool for sandboxing Python code. The vulnerability arises because RestrictedPython does not sanitize access to stack frames, allowing code inside generators/generator expressions to access the current stack frame and walk the stack beyond the sandbox bo...
CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
CVE-2023-37271 RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
RestrictedPython 安全漏洞
RestrictedPython is a tool that helps define a subset of the Python language that allows program input to be provided to a trusted environment. A security vulnerability exists in RestrictedPython versions prior to 5.3, and prior to 6.1, which stems from allowing a user to provide program input to...
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frappe Framework uses...
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...
a2grunnerp (>=0.1.0 <=0.1.8), dcicsnovault (>=2.0.0b4 <=2.0.0b7) +5 more potentially affected by CVE-2023-37271 via restrictedpython (>=6.0.0 <=6.0.0a1.dev0)
restrictedpython PYPI version =6.0.0, =0.1.0, =2.0.0b4, =0.0.42a3, =2.10.0, =2025.9.5, =4.8.4, =4.8.11 Source cves: CVE-2023-37271 Source advisory: OSV:GHSA-WQC8-X2PR-7JQH...
GHSA-WQC8-X2PR-7JQH RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
Impact RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that gets the...
aimmo (>=0.4.0b3098 <=0.27.4b5229), battlehack20 (>=1.0.0 <=1.1.0) +6 more potentially affected by CVE-2023-37271 via restrictedpython (>=4.0.0b4 <=5.2.0)
restrictedpython PYPI version =4.0.0b4, =0.4.0b3098, =1.0.0, =1.0.1, =1.1.1, =0.1.0, =0.3.4, =0.0.41, =0.1047.0, =1.7.36 Source cves: CVE-2023-37271 Source advisory: OSV:GHSA-WQC8-X2PR-7JQH...
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
Impact RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that gets the...