Lucene search
K

4 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-506 python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.5AI score0.01188EPSS
Exploits1References7
OSV
OSV
added 2026/06/18 2:28 p.m.5 views

GHSA-V4JC-PM6R-3VJ8 python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/06/18 2:28 p.m.9 views

python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/06/17 2:32 p.m.44 views

CVE-2026-47103

Python StateMachine 3.0.0 before 3.2.0 has a remote code execution flaw: crafted SCXML documents with are unsafely evaluated via eval() in the SCXMLProcessor, enabling arbitrary code execution in the hosting process. Affected versions are 3.0.0 up to (but not including) 3.2.0. The CVSS metrics i...

9.8CVSS6.7AI score0.01188EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder