36 matches found

CNNVD
added 2026/03/16 12:0 a.m. | 4 views

simpleeval security vulnerability

SimpleEval is a Python expression security evaluation library developed by Daniel. Versions of SimpleEval prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of objects directly accessing dangerous modules within the sandbox through attributes. If...

CVSS 9.8 | AI score 7.3 | EPSS 0.00052
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/14 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-32640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to...

CVSS 9.8 | AI score 7.3 | EPSS 0.00052
Exploits: 0 | References: 2
OSV
added 2026/03/14 12:0 a.m. | 1 views

OPENSUSE-SU-2026:10373-1 python311-simpleeval-1.0.5-1.1 on GA media

These are all security issues fixed in the python311-simpleeval-1.0.5-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 1
CVE
added 2026/03/13 9:3 p.m. | 29 views

CVE-2026-32640

SimpleEval (Python) prior to v1.0.5 is vulnerable: objects passed as names can leak dangerous modules into the sandbox via attrs, and dangerous functions/modules could be accessed by passing them as callbacks to safe functions. The issue is fixed in v1.0.5. Root cause: improper handling of object...

CVSS 9.8 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/03/13 9:3 p.m. | 1 views

CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2026/03/13 9:3 p.m. | 2 views

CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVSS 9.8 | AI score 8.4 | EPSS 0.00052
Exploits: 0
Vulnrichment
added 2026/03/13 9:3 p.m. | 1 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 1
Cvelist
added 2026/03/13 9:3 p.m. | 28 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVSS 8.7 | EPSS 0.00052
Exploits: 0 | References: 1
OSV
added 2026/03/13 9:3 p.m. | 1 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 3
EUVD
added 2026/03/13 8:56 p.m. | 1 views

EUVD-2026-12142

SimpleEval: Objects including modules can leak dangerous modules through to direct access inside the sandbox...

CVSS 8.7 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 2
GitHub Security Blog
added 2026/03/13 8:56 p.m. | 7 views

SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox

Impact: If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples found by @ByamB4: Any module where...

CVSS 9.8 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 6 | Affected Software: 1
vulnersOsv
added 2026/03/13 8:56 p.m. | 0 views

akurdyukov-tap-clickhouse (=0.0.1), asdjgasdghasdhjgasghd (=1.0.7) +81 more potentially affected by CVE-2026-32640 via simpleeval (>=0.9.1 <=1.0.4)

simpleeval PYPI version =0.9.1, =0.1.4, =0.1.0, =1.0.6, =0.0.5, =1.1.0, =0.1.3, =0.1.0, =0.3.0b1, =0.2.0, =0.1.0, =1.0.8 and more Source cves: CVE-2026-32640 Source advisory: OSV:GHSA-44VG-5WV2-H2HG...

CVSS 9.8 | AI score 7.2 | EPSS 0.00052
Exploits: 0
vulnersOsv
added 2026/03/13 8:56 p.m. | 2 views

evennia (>=1.0.0 <=6.0.0), fastapi-casbin-auth (>=1.3.0 <=1.5.0) +6 more potentially affected by CVE-2026-32640 via simpleeval (>=1.0.0 <=1.0.4)

simpleeval PYPI version =1.0.0, =1.0.0, =1.3.0, =2.8.0, =3.2.0, =1.0.0, =0.53.6, =0.54.0a10 Source cves: CVE-2026-32640 Source advisory: SNYK:PYTHON-SIMPLEEVAL-15610288...

CVSS 9.8 | AI score 7.2 | EPSS 0.00052
Exploits: 0
Snyk
added 2026/03/13 8:56 p.m. | 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: simpleeval is a simple, safe single expression evaluator library. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the evaluation when objects passed as names contain modules or other disallowed objec...

CVSS 9.8 | AI score 6.1 | EPSS 0.00052
Exploits: 0 | References: 3
OSV
added 2026/03/13 8:56 p.m. | 1 views

GHSA-44VG-5WV2-H2HG SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox

Impact: If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples found by @ByamB4: Any module where...

CVSS 9.8 | AI score 5.9 | EPSS 0.00052
Exploits: 0 | References: 6
Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-25385

Name of the Vulnerable Software and Affected Versions: SimpleEval versions prior to 1.0.5. Description: SimpleEval is a Python library used for adding evaluatable expressions to projects. Before version 1.0.5, the library allowed dangerous modules to be accessed directly within the sandbox. This...

CVSS 9.8 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 24