Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/18 2:28 p.m.12 views

EUVD-2026-37730

python-statemachine SCXML Eval Injection...

9.8CVSS5.2AI score0.01188EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/18 2:28 p.m.4 views

Eval Injection

Overview python-statemachine is a Python Finite State Machines made easy. Affected versions of this package are vulnerable to Eval Injection via the SCXMLProcessor.parsescxmlfile process. An attacker can execute arbitrary code in the context of the hosting process by supplying a crafted SCXML...

9.8CVSS6.1AI score0.01188EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/18 2:28 p.m.9 views

python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/06/17 2:32 p.m.44 views

CVE-2026-47103

Python StateMachine 3.0.0 before 3.2.0 has a remote code execution flaw: crafted SCXML documents with are unsafely evaluated via eval() in the SCXMLProcessor, enabling arbitrary code execution in the hosting process. Affected versions are 3.0.0 up to (but not including) 3.2.0. The CVSS metrics i...

9.8CVSS6.7AI score0.01188EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50440

Name of the Vulnerable Software and Affected Versions Python StateMachine versions 3.0.0 through 3.1.x Description An issue exists where the library evaluates expressions from SCXML documents unsafely. The SCXMLProcessor passes attacker-controlled expression strings from attributes through a call...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References12
Rows per page
Query Builder