CVE-2024-47532

UNKNOWN
Published 2024-09-30T15:29:57.907Z

No CVSS data available

Description

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensitive) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise not make it available in the restricted execution environment.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

RestrictedPython information leakage via `AttributeError.obj` and the `string` module

GHSA-5rfv-66g4-jr8h

Advisory Details

### Impact

A user can gain access to protected (and potentially sensitive) information indirectly via `AttributeError.obj` and the `string` module.

### Patches

The problem will be fixed in version 7.3.

### Workarounds

If the application does not require access to the module `string`, it can remove it from `RestrictedPython.Utilities.utility_builtins` or otherwise not make it available in the restricted execution environment.
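One way to apply the workaround described above, as an added example that is not code from the advisory or from RestrictedPython. The helper names `is_affected`, `strip_string_module` and `audit` are hypothetical; the version parsing is a simplified stdlib-only comparison, and the identity check for aliases goes slightly beyond the advisory's wording.

```python
# Added example, not RestrictedPython code; helper names are hypothetical.
import re
import string
from importlib import metadata

FIXED = (7, 3)  # first fixed release, per the advisory


def is_affected(version):
    """True if a RestrictedPython version string falls in the range <7.3."""
    match = re.match(r"(\d+(?:\.\d+)*)(.*)", version.strip())
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    release = [int(part) for part in match.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()  # treat 7.3.0 as equal to 7.3
    # Pre-releases of 7.3 (7.3a1, 7.3rc1, 7.3.dev0) sort before 7.3 itself.
    pre = re.match(r"[._-]?(a|b|c|rc|alpha|beta|pre|dev)", match.group(2).lower())
    return tuple(release) < FIXED or (tuple(release) == FIXED and pre is not None)


def strip_string_module(namespace):
    """Remove, in place, every entry that exposes the stdlib string module.
    Matches on the key "string" and on object identity, so an alias such as
    {"s": string} is caught too. Returns the sorted names that were removed.
    """
    removed = sorted(k for k, v in namespace.items() if k == "string" or v is string)
    for name in removed:
        del namespace[name]
    return removed


def audit():
    """Check the installed package and apply the workaround if it is affected."""
    try:
        installed = metadata.version("RestrictedPython")
    except metadata.PackageNotFoundError:
        return "RestrictedPython is not installed"
    if not is_affected(installed):
        return f"{installed}: not in the affected range"
    # Run this before the application copies utility_builtins into the globals
    # it hands to restricted code; a copy made earlier still contains string.
    from RestrictedPython.Utilities import utility_builtins
    removed = strip_string_module(utility_builtins)
    return f"{installed}: affected, removed {removed} from utility_builtins"


if __name__ == "__main__":
    print(audit())
```

`strip_string_module` can also be run over any other globals mapping the application passes to restricted code, which covers the "otherwise not make it available" part of the workaround.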

Affected Packages

Ecosystem: PyPI
Package: RestrictedPython
Affected versions: ≥0 <7.3

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Advisory provided by GitHub Security Advisory Database. Published: September 30, 2024, Modified: January 21, 2025

References

Published: 2024-09-30T15:29:57.907Z
Last Modified: 2024-09-30T17:29:29.522Z