978 matches found

Source: CVE, added 2025/02/07 8:32 a.m., 81 views

CVE-2025-1077

CVE-2025-1077 affects IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather) via the Product Delivery Service (PDS) when the PDS pipeline uses the IPDS pipeline with Message Editor Output Filters enabled. The vulnerability allows a remote, unauthenti...

CVSS 9.5, AI score 7.2, EPSS 0.00792
Exploits 0, References 1

Source: RedHat Linux, added 2025/02/06 3:46 p.m., 20 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

CVSS 7.8, AI score 7.5, EPSS 0.00496
Exploits 0, References 7

Source: RedhatCVE, added 2025/02/05 6:33 a.m., 4 views

CVE-2024-5565

The Vanna library uses a prompt function to present the user with visualized results; it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

CVSS 8.1, AI score 7.9, EPSS 0.14956
Exploits 0, References 1

Source: RedhatCVE, added 2025/02/05 3:56 a.m., 4 views

CVE-2024-27321

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...

CVSS 7.8, AI score 7.5, EPSS 0.00349
Exploits 0, References 1

Source: RedhatCVE, added 2025/02/05 3:49 a.m., 4 views

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

CVSS 7.8, AI score 7.5, EPSS 0.00349
Exploits 0, References 1

Source: RedhatCVE, added 2025/02/05 3:33 a.m., 11 views

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

CVSS 8.8, AI score 7.6, EPSS 0.00864
Exploits 1

Source: RedHat Linux, added 2025/01/28 7:20 p.m., 6 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

CVSS 7.8, AI score 7.5, EPSS 0.00496
Exploits 0, References 7

Source: Veracode, added 2025/01/28 5:35 a.m., 6 views

Arbitrary Code Execution (ACE)

asteval is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to insufficient input validation, which allows attackers to bypass safety restrictions and execute arbitrary Python code within the application's context...

AI score 8.4
Exploits 0

Source: RedHat Linux, added 2025/01/28 4:59 a.m., 4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

CVSS 7.8, AI score 7.5, EPSS 0.00496
Exploits 0, References 7

Source: OSV, added 2025/01/24 4:52 p.m., 5 views

CVE-2025-24359 ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

CVSS 8.4, AI score 7.4, EPSS 0.00229
Exploits 0, References 5

Source: Cvelist, added 2025/01/24 4:52 p.m., 18 views

CVE-2025-24359 ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

CVSS 8.4, EPSS 0.00229
Exploits 0, References 3

Source: Tenable Nessus, added 2025/01/24 12:00 a.m., 24 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-811)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-811 advisory. Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python...

CVSS 8.8, AI score 7.5, EPSS 0.00496
Exploits 0, References 6

Source: Amazon, added 2025/01/24 12:00 a.m., 5 views

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

CVSS 7.8, AI score 7.8, EPSS 0.00496
Exploits 0

Source: Veracode, added 2024/12/30 8:50 a.m., 9 views

Arbitrary Code Execution

Jinja2 is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper detection in the sandboxed environment caused by an oversight in how calls to str.format are handled, allowing attackers to execute arbitrary Python code if they control the content of a template and exploit...

CVSS 7.8, AI score 7.5, EPSS 0.00496
Exploits 0, References 6, Affected software 2

Source: Veracode, added 2024/12/30 8:22 a.m., 13 views

Arbitrary Code Execution

Jinja is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling in the compiler caused by a bug that allows an attacker controlling both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used...

CVSS 8.8, AI score 7.3, EPSS 0.00298
Exploits 0, References 6, Affected software 2

Source: Github Security Blog, added 2024/12/23 5:56 p.m., 32 views

Jinja has a sandbox breakout through indirect reference to format method

An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on th...

CVSS 7.8, AI score 7.7, EPSS 0.00496
Exploits 0, References 6, Affected software 1

Source: CVE, added 2024/12/23 3:43 p.m., 905 views

CVE-2024-56326

CVE-2024-56326 affects Jinja2 prior to 3.1.5, where an oversight in the sandboxed environment allows an attacker who can control template content to execute arbitrary Python code. The vulnerability arises from how calls to str.format can be indirectly invoked via filters, bypassing sandbox protec...

CVSS 7.8, AI score 7.1, EPSS 0.00496
Exploits 0, References 4, Affected software 1

Source: Cvelist, added 2024/12/23 3:37 p.m., 24 views

CVE-2024-56201 Jinja has a sandbox breakout through malicious filenames

Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of whether Jinja's sandbox is used. To exploit the vulnerability...

CVSS 5.4, EPSS 0.00298
Exploits 0, References 4

Source: CNNVD, added 2024/12/23 12:00 a.m., 2 views

Jinja security vulnerability

Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.5, which stems from a compiler bug that allows an attacker who has control over both the template content and filename to execute arbitrary Python cod...

CVSS 8.8, AI score 7.7, EPSS 0.00298
Exploits 0, References 7

Source: Snyk, added 2024/11/22 11:00 p.m., 5 views

Arbitrary Code Injection

Overview: pycel is a library for compiling Excel spreadsheets to Python code and visualizing them as a graph. Affected versions of this package are vulnerable to Arbitrary Code Injection through the code generation from a crafted formula in an Excel spreadsheet cell. An attacker can execute...

CVSS 9.8, AI score 8.1, EPSS 0.00776
Exploits 2, References 2