Lupa 安全漏洞

Lupa is a bridging library developed by Scoder’s individual developers, which embeds the Lua runtime into Python. Versions of Lupa 2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the property filter was not consistently applied in built-in...

GHSA-6VH2-H83C-9294 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...