Information Disclosure

2023-09-0406:21:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

restrictedpython

information disclosure

python

format functionality

data reading

sensitive information

attacker

critical information

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

EPSS

0.001

Percentile

31.8%

JSON

RestrictedPython is vulnerable to Information Disclosure. The vulnerability arises due to the format functionality in Python which allows someone controlling the format string to “read” data from objects, including sensitive information. This vulnerability could potentially allow an attacker to reveal critical information.