102 matches found
Aim Improper Access Control
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
CVE-2024-8238
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
CVE-2024-8238
CVE-2024-8238 affects aimhubio/aim v3.22.0 where AimQL uses an outdated safer_getattr() from RestrictedPython, failing to block str.format_map() and allowing access to arbitrary Python attributes (e.g., os.environ) and potential unrestricted code execution if a malicious .dll/.so is loaded. Multi...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : RestrictedPython vulnerabilities (USN-7355-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7355-1 advisory. Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not properly sanitize certain inputs. An attacker...
Ubuntu: Security Advisory (USN-7355-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7355-1 restrictedpython vulnerabilities
Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not properly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2023-37271 Abhishek Govindarasu, Ankush Menat and War...
USN-7355-1: RestrictedPython vulnerabilities
Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not properly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2023-37271 Abhishek Govindarasu, Ankush Menat and War...
Linux Distros Unpatched Vulnerability : CVE-2023-37271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment...
Linux Distros Unpatched Vulnerability : CVE-2023-41039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's format functionality allows someone controlling the format...
Linux Distros Unpatched Vulnerability : CVE-2024-47532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible informatio...
CVE-2025-22153
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
Sandbox Escape
restrictedpython is vulnerable to Sandbox Escape. The vulnerability is due to a type confusion bug in CPython when using try/except, which allows an attacker to bypass the security restrictions in RestrictedPython...
CVE-2025-22153
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
DEBIAN-CVE-2025-22153
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
UBUNTU-CVE-2025-22153
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
CVE-2025-22153 try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
CVE-2025-22153
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
CVE-2025-22153 try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
CVE-2025-22153
CVE-2025-22153 describes a type-confusion vulnerability in RestrictedPython exploitable via CPython 3.11–3.12 when using try/except*. The flaw allows bypassing RestrictedPython protections in versions 6.0 up to, but not including, 8.0. The fix is in RestrictedPython 8.0, which removes support for...
CVE-2025-22153 try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...