2 matches found
Incomplete List of Disallowed Inputs
Overview pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the validateplugincode function. An attacker can execute arbitrary system commands by...
GHSA-V3XV-8VC3-H2M6 PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution
Summary PySpector versions = 0.1.6 are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis to block dangerous API calls before a plugin is trusted and executed. However, the internal resolvename helper onl...