Lucene search
K

14 matches found

Github Security Blog
Github Security Blog
added 2026/06/18 2:28 p.m.9 views

python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/06/18 2:28 p.m.4 views

Eval Injection

Overview python-statemachine is a Python Finite State Machines made easy. Affected versions of this package are vulnerable to Eval Injection via the SCXMLProcessor.parsescxmlfile process. An attacker can execute arbitrary code in the context of the hosting process by supplying a crafted SCXML...

9.8CVSS6.1AI score0.01188EPSS
Exploits1References2
NVD
NVD
added 2026/06/17 3:16 p.m.14 views

CVE-2026-47103

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...

9.8CVSS0.01188EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/17 2:32 p.m.35 views

CVE-2026-47103 Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...

9.8CVSS0.01188EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/17 2:32 p.m.9 views

CVE-2026-47103 Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...

9.8CVSS6.6AI score0.01188EPSS
Exploits1References3
Fedora
Fedora
added 2026/04/25 1:55 a.m.9 views

[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

5.4AI score
Exploits0
Fedora
Fedora
added 2026/04/25 1:55 a.m.10 views

[SECURITY] Fedora 44 Update: mingw-qt6-qtscxml-6.10.3-2.fc44

This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...

5.1AI score
Exploits0
Fedora
Fedora
added 2025/11/06 2:24 a.m.9 views

[SECURITY] Fedora 42 Update: qt5-qtscxml-5.15.18-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

7AI score
Exploits0
Fedora
Fedora
added 2025/10/30 4:36 a.m.10 views

[SECURITY] Fedora 42 Update: qt6-qtscxml-6.9.3-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

9.4CVSS7AI score0.00204EPSS
Exploits0
Fedora
Fedora
added 2025/06/11 2:46 a.m.6 views

[SECURITY] Fedora 42 Update: qt6-qtscxml-6.9.1-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

8.4CVSS7.2AI score0.00309EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.15 views

Fedora: Security Advisory for qt6-qtscxml (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS10AI score0.0097EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.12 views

Fedora: Security Advisory for qt5-qtscxml (FEDORA-2024-2e27372d4c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS10AI score0.0097EPSS
Exploits0References2
Fedora
Fedora
added 2024/06/05 1:41 a.m.19 views

[SECURITY] Fedora 40 Update: qt5-qtscxml-5.15.14-1.fc40

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

9.8CVSS6.6AI score0.0097EPSS
Exploits0
Fedora
Fedora
added 2024/05/29 3:37 a.m.21 views

[SECURITY] Fedora 40 Update: qt6-qtscxml-6.7.1-1.fc40

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

9.8CVSS6.6AI score0.0097EPSS
Exploits0
Rows per page
Query Builder