Arbitrary Code Execution

Jinja2 is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper detection in the sandboxed environment caused by an oversight in how calls to str.format are handled, allowing attackers to execute arbitrary Python code if they control the content of a template and exploit...

CVE-2024-56201 Jinja has a sandbox breakout through malicious filenames

Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability...

Jinja 安全漏洞

Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.5, which stems from a compiler bug that allows an attacker who has control over both the template content and filename to execute arbitrary Python cod...

PYSEC-2024-79

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

Autolabel 安全漏洞

Autolabel is a Python library open-sourced by refuel-ai. It is used to label, clean, and enrich textual datasets using any Large Language Model LLM. A security vulnerability exists in Autolabel 0.0.8 and earlier versions, which stems from the presence of an arbitrary code execution vulnerability,...

CVE-2024-23752

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

PandasAI Security Vulnerabilities

PandasAI is a Python library that integrates generative AI functionality into pandas to make dataframes conversational. A security vulnerability exists in PandasAI 1.5.17 and earlier versions, which stems from a vulnerability that allows an attacker to trigger the generation of arbitrary Python...

CVE-2024-23752

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

transmute-core unsafe YAML deserialization vulnerability

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...

GHSA-W9CP-3X79-2P8P transmute-core unsafe YAML deserialization vulnerability

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...

CVE-2023-47204

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...

PYSEC-2023-223

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...

CVE-2023-47204

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...

transmute-core security vulnerability

transmute-core is a library for building API generators for Python webframeworks. A security vulnerability exists in versions of transmute-core prior to 1.13.5, which stems from the presence of insecure YAML deserialization and allows attackers to execute arbitrary Python code...

CVE-2023-47204

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...

CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

CVE-2023-36830

CVE-2023-36830 affects SQLFluff prior to v2.1.2 where an attacker with access to config files could abuse the library_path setting to execute arbitrary Python code via Jinja/macros. The issue arises when untrusted users can view or modify config and leverage library_path to reach Python execution...

CVE-2023-36258

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used...

PT-2023-22295 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.8 XWiki Platform versions prior to 14.10.1 XWiki Platform versions prior to 15.0-rc-1 Description: The issue allows any user with edit rights on a page to execute...