16 matches found
GHSA-WXXX-GVQV-XP7P LiteLLM has a sandbox escape in custom-code guardrail
Impact The POST /guardrails/testcustomcode endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process — which runs as root in the default Docker image. Reaching the endpoint...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2026-27952 Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the numpy package ...
CVE-2025-14026
Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface FFI for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...
CVE-2025-14026 Vulnerable Python version used in Forcepoint One DLP Client
Forcepoint One DLP Client, version 23.04.5642 and possibly newer versions, includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface FFI for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code...
DEBIAN-CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
Chameleon in Plone allows Authentication Bypass
Chameleon five.pt in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates...
GHSA-6H8X-73FX-Q2H9 Chameleon in Plone allows Authentication Bypass
Chameleon five.pt in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates...
CVE-2016-4043
Chameleon five.pt in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates...
PYSEC-2017-57
Chameleon five.pt in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates...
PYSEC-2017-57
Chameleon five.pt in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates...
CVE-2016-4043
CVE-2016-4043 affects Plone 5.0rc1–5.1a1 via Chameleon (five.pt); remote authenticated users can bypass Restricted Python by exploiting permissions to create or edit templates. Root cause: improper handling in template editing allows elevation of privileges within PloneFormGen contexts. Impact is...
CVE-2016-4043
Chameleon five.pt in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates...
Plone Security Bypass Vulnerability
Plone is the United States Plone Foundation's set of free and open source content management system CMS built on the application server Zope. A security vulnerability exists in Plone's five.pt file, which can be exploited by an attacker to bypass restricted Python with PloneFormGen template editi...
(Plone): Restricted Python injection
It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface control panel. A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone's restricted Python sandbox that, when the administrator interfac...