GHSA-2799-6G5R-MMC7 Superduper: Remote code execution via unsafe eval in superduper query parsing
The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...