Lucene search
K

8 matches found

OSV
OSV
added 3 days ago5 views

PYSEC-2026-486 PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.4AI score0.00541EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 8:13 p.m.7 views

GHSA-QXJP-W3PJ-48M7 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

9.8CVSS6.8AI score0.0045EPSS
Exploits2References4
OSV
OSV
added 2026/05/05 6:57 p.m.4 views

GHSA-89G2-XW5C-V95P PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.executeactions pptagent/apis.py:126-205 processes LLM-generated slide editing actions using Python's eval: python pptagent/apis.py:184-186 partialfunc =...

8.6CVSS6AI score0.00144EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/08 7:17 p.m.24 views

PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.6AI score0.00541EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.13 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...

6.5CVSS8.7AI score0.00306EPSS
Exploits1References1
NVD
NVD
added 2025/11/18 4:15 p.m.3 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...

6.5CVSS0.00306EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/18 12:0 a.m.5 views

EUVD-2025-198042

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

6.5CVSS7.8AI score0.00778EPSS
Exploits1References2
CVE
CVE
added 2025/11/18 12:0 a.m.12 views

CVE-2025-63604

CVE-2025-63604 affects baryhuang/mcp-server-aws-resources-python 0.1.0. A code-injection flaw stems from insufficient input validation in the execute_query method, exposing dangerous built-ins (import , getattr, hasattr) in the execution namespace and using exec() to run user-supplied code. Attac...

6.5CVSS8.3AI score0.00306EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder