14 matches found
python-statemachine SCXML <data expr> Eval Injection
Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...
Eval Injection
Overview python-statemachine is a Python Finite State Machines made easy. Affected versions of this package are vulnerable to Eval Injection via the SCXMLProcessor.parsescxmlfile process. An attacker can execute arbitrary code in the context of the hosting process by supplying a crafted SCXML...
CVE-2026-47103
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...
CVE-2026-47103 Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...
CVE-2026-47103 Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...
[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
[SECURITY] Fedora 44 Update: mingw-qt6-qtscxml-6.10.3-2.fc44
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
[SECURITY] Fedora 42 Update: qt5-qtscxml-5.15.18-1.fc42
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
[SECURITY] Fedora 42 Update: qt6-qtscxml-6.9.3-1.fc42
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
[SECURITY] Fedora 42 Update: qt6-qtscxml-6.9.1-1.fc42
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
Fedora: Security Advisory for qt6-qtscxml (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for qt5-qtscxml (FEDORA-2024-2e27372d4c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: qt5-qtscxml-5.15.14-1.fc40
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...
[SECURITY] Fedora 40 Update: qt6-qtscxml-6.7.1-1.fc40
The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...