CVSS3: 9.9 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.001 Low
EPSS Percentile: 33.4%
restrictedpython is vulnerable to Arbitrary Code Execution. The vulnerability exists because it does not properly restrict access to stack frames and their attributes, which allows an attacker to access the RestrictedPython environment and create code that obtains the current stack frame from a generator, resulting in a sandbox breakout.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | restrictedpython | le | 5.3a1.dev0 |
| | restrictedpython | le | 6.0 |
github.com/advisories/GHSA-wqc8-x2pr-7jqh
github.com/zopefoundation/RestrictedPython/commit/bf956a4bdd5fd1a8a4ca5fceee561cea50b05645
github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531
github.com/zopefoundation/RestrictedPython/commit/d8c5aa72c5d0ec8eceab635d93d6bc8321116002
github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh