CVE-2023-41039
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-41039
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41039.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-41039
- Aliases
- Related
- Published
- 2023-08-30T18:15:09Z
- Modified
- 2024-10-12T11:04:12.520267Z
- Severity
-
- 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With
RestrictedPython, the format functionality is available via theformatandformat_mapmethods ofstr(andunicode) (accessed either via the class or its instances) and viastring.Formatter. All known versions ofRestrictedPythonare vulnerable. This issue has been addressed in commit4134aedcff1which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability. - References
Affected packages
Debian:11 / restrictedpython
Package
- Name
- restrictedpython
- Purl
- pkg:deb/debian/restrictedpython?arch=source
Debian:12 / restrictedpython
Package
- Name
- restrictedpython
- Purl
- pkg:deb/debian/restrictedpython?arch=source
Debian:13 / restrictedpython
Package
- Name
- restrictedpython
- Purl
- pkg:deb/debian/restrictedpython?arch=source