GHSA-VP47-9734-PRJW ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape
Summary If an attacker can control the input to the asteval library, they can bypass its safety restrictions and execute arbitrary Python code within the application's context. Details The vulnerability is rooted in how asteval performs attribute access verification. In particular, the onattribut...