Vulnerability

Multiple sandbox escapes in asteval python sandboxing module

Posted by areca-palm via Fulldisclosure on Mar 11[CVE pending] Sandboxing Python is notoriously difficult, the Python module "asteval" is no exception. Add to this the fact that a large set of numpy functions are exposed within the sandbox by default. Versions

ThreatWatcherThreatWatcher
Mar 12, 2025 - 01:30
 0  10
Multiple sandbox escapes in asteval python sandboxing module

Posted by areca-palm via Fulldisclosure on Mar 11[CVE pending]

Sandboxing Python is notoriously difficult, the Python module "asteval" is no exception. Add to this the fact that a
large set of numpy functions are exposed within the sandbox by default.
Versions <=1.06 are vulnerable.
This vuln has been disclosed to the maintainer, who closed the security advisory and has since pushed his own fix to
master. A CVE is still pending. Publishing the vulnerability through this list...

Read More on SecLists

Tags:

Previous Article

Cracking the Code: How to Identify, Mitigate, and Prevent BIN Attacks

Next Article

North Korean Lazarus hackers infect hundreds via npm packages

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

ThreatWatcher
ThreatWatcher

Related Posts

[webapps] Pimcore 11.4.2 - Stored cross site scripting

[webapps] Pimcore 11.4.2 - Stored cross site scripting

ThreatWatcher Apr 15, 2025  0  3

[hardware] Cosy+ firmware 21.2s7 - Command Injection

[hardware] Cosy+ firmware 21.2s7 - Command Injection

ThreatWatcher Apr 10, 2025  0  4

IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF)

IBMi Navigator / CVE-2024-51463 / Server Side Request F...

ThreatWatcher Dec 31, 2024  0  13