Lucene search
K

15 matches found

OSV
OSV
added 2026/06/03 2:48 p.m.4 views

ROOT-APP-PYPI-CVE-2025-24359 CVE-2025-24359 in rootio-asteval - Patched by Root

Root has patched CVE-2025-24359 in the rootio-asteval package for Root:PyPI. Multiple fixed versions available...

8.4CVSS5.4AI score0.00229EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/07/18 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2025-83c141f000)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4CVSS7.5AI score0.00229EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/07/18 12:0 a.m.6 views

Fedora 42 : python-asteval (2025-83c141f000)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-83c141f000 advisory. Fix CVE-2025-24359 closes rhbz2341976 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

8.4CVSS5.5AI score0.00229EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/09 12:0 a.m.3 views

Fedora 43 : python-asteval (2025-99d252d8fc)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-99d252d8fc advisory. Automatic update for python-asteval-1.0.6-1.fc43. Changelog Wed Jul 9 2025 Fabian Affolter - 1.0.6-1 - Update to latest upstream release closes rhbz2338907 -...

8.4CVSS5.5AI score0.00229EPSS
Exploits0References2
OSV
OSV
added 2025/03/21 1:17 p.m.4 views

OESA-2025-1298 python-asteval security update

ASTEVAL provides a numpy-aware, safeish 'eval' function Emphasis is on mathematical expressions, and so numpy ufuncs are used if available. Symbols are held in the Interpreter symbol table 'symtable': a simple dictionary supporting a simple, flat namespace. Expressions can be compiled into ast no...

8.4CVSS7.7AI score0.00229EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-24359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypa...

8.4CVSS5.9AI score0.00229EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/02/18 12:0 a.m.13 views

openSUSE Security Advisory (openSUSE-SU-2025:0052-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4CVSS7.1AI score0.00229EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2025/01/28 12:0 a.m.5 views

python311-asteval-1.0.6-1.1 on GA media (moderate)

python311-asteval-1.0.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:14701-1 Rating: moderate Cross-References: CVE-2025-24359 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

8.4CVSS7.3AI score0.00229EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/01/24 6:45 p.m.6 views

agent-smith-ai (>=0.9.2 <=1.0.1), awslabs-ccapi-mcp-server (>=1.0.1 <=1.0.18) +37 more potentially affected by CVE-2025-24359 via asteval (>=0.9.13 <=1.0.5)

asteval PYPI version =0.9.13, =0.9.2, =1.0.1, =3.2.415, =3.2.415, =0.2.0, =0.1.0, =0.1.130, =6.0.0, =0.1.0, =0.0.1.dev6, =2.1.3, =0.8.305, =1.0.51 and more Source cves: CVE-2025-24359 Source advisory: OSV:GHSA-3WWR-3G9F-9GC7...

8.4CVSS5.4AI score0.00229EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/01/24 6:45 p.m.3 views

awslabs-ccapi-mcp-server (>=1.0.1 <=1.0.18), bridgecrew (>=3.2.415 <=3.2.477) +9 more potentially affected by CVE-2025-24359 via asteval (=1.0.5)

asteval PYPI version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on asteval and may be impacted: - awslabs-ccapi-mcp-server =1.0.1, =3.2.415, =3.2.415, =0.1.130, =6.0.0, =5.8.0, =5.8.0, =0.0.8, =0.1.0, =0.15.0 Source cves: CVE-2025-24359 Source...

8.4CVSS5.7AI score0.00229EPSS
Exploits0
NVD
NVD
added 2025/01/24 5:15 p.m.14 views

CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

8.4CVSS0.00229EPSS
Exploits0References3
CVE
CVE
added 2025/01/24 4:52 p.m.77 views

CVE-2025-24359

CVE-2025-24359 affects the Python package asteval prior to 1.0.6. The root cause is in the handling of FormattedValue AST nodes in on_formattedvalue, which uses the dangerous Str.format path (fmt.format(fstring =val)). This can allow an attacker who controls input to bypass restrictions and execu...

8.4CVSS8.7AI score0.00229EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/01/24 4:52 p.m.14 views

CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

8.4CVSS5.9AI score0.00229EPSS
Exploits0
Cvelist
Cvelist
added 2025/01/24 4:52 p.m.22 views

CVE-2025-24359 ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

8.4CVSS0.00229EPSS
Exploits0References3
Circl
Circl
added 2025/01/24 1:56 a.m.5 views

CVE-2025-24359

creationtimestamp| type| source ---|---|--- 2025-01-24 01:56:30+00:00| published-proof-of-concept| https://github.com/lmfit/asteval/security/advisories/GHSA-3wwr-3g9f-9gc7 2025-01-24 16:53:59+00:00| seen| https://infosec.exchange/users/cve/statuses/113884373894073837 2025-01-24 17:04:48+00:00|...

8.4CVSS5.7AI score0.00229EPSS
Exploits0References6
Rows per page
Query Builder