ROOT-APP-PYPI-GHSA-VP47-9734-PRJW GHSA-vp47-9734-prjw in rootio-asteval - Patched by Root

Root has patched GHSA-vp47-9734-prjw in the rootio-asteval package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2025-24359 CVE-2025-24359 in rootio-asteval - Patched by Root

Root has patched CVE-2025-24359 in the rootio-asteval package for Root:PyPI. Multiple fixed versions available...

OESA-2025-2558 python-asteval security update

ASTEVAL provides a numpy-aware, safeish 'eval' function Security Fixes: ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval s restrictions and execute arbitrary Python code in th...

Fedora: Security Advisory (FEDORA-2025-99d252d8fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: python-asteval-1.0.6-1.fc42

ASTEVAL is a safeish evaluator of Python expressions and statements, using Python's ast module. The idea is to provide a simple, safe, and robust miniature mathematical language that can handle user-input. The emphasis here is on mathematical expressions, and so many functions from numpy are...

Fedora: Security Advisory (FEDORA-2025-83c141f000)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : python-asteval (2025-83c141f000)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-83c141f000 advisory. Fix CVE-2025-24359 closes rhbz2341976 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

Fedora 43 : python-asteval (2025-99d252d8fc)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-99d252d8fc advisory. Automatic update for python-asteval-1.0.6-1.fc43. Changelog Wed Jul 9 2025 Fabian Affolter - 1.0.6-1 - Update to latest upstream release closes rhbz2338907 -...

OESA-2025-1298 python-asteval security update

ASTEVAL provides a numpy-aware, safeish 'eval' function Emphasis is on mathematical expressions, and so numpy ufuncs are used if available. Symbols are held in the Interpreter symbol table 'symtable': a simple dictionary supporting a simple, flat namespace. Expressions can be compiled into ast no...

asteval 1.06 Arbitrary Code Execution / Sandbox Escape Vulnerabilities

An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...

asteval 1.06 Arbitrary Code Execution / Sandbox Escape

An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...

Linux Distros Unpatched Vulnerability : CVE-2025-24359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypa...

openSUSE Security Advisory (openSUSE-SU-2025:0052-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2025:0052-1 Security update for python-asteval

This update for python-asteval fixes the following issues: Update to 1.0.6: drop testing and support for Python3.8, add Python 3.13, change document to reflect this. implement safegetattr and safeformat functions; fix bugs in UNSAFEATTRS and UNSAFEATTRSDTYPES usage boo1236405, CVE-2025-24359 make...

SUSE CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

Exposed Dangerous Method or Function

Overview asteval is a Safe, minimalistic evaluator of python expression using ast module Affected versions of this package are vulnerable to Exposed Dangerous Method or Function through the onformattedvalue function. An attacker can manipulate the value of the string used in the dangerous call...

awslabs-ccapi-mcp-server (>=1.0.1 <=1.0.18), bridgecrew (>=3.2.415 <=3.2.477) +10 more potentially affected by CVE-2025-24359 via asteval (=1.0.5)

asteval PYPI version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on asteval and may be impacted: - awslabs-ccapi-mcp-server =1.0.1, =3.2.415, =3.2.415, =0.1.130, =6.0.0, =5.8.0, =5.8.0, =0.0.8, =0.1.0, =0.14.3 Source cves: CVE-2025-24359 Source...

ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

GHSA-3WWR-3G9F-9GC7 ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

Summary If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details The vulnerability is rooted in how asteval performs handling of FormattedValue AST nodes. In...

CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...