nono-py@0.9.0

Python bindings for nono capability-based sandboxing

  • latest version

    0.11.0

  • latest non vulnerable version

  • first published

    4 months ago

  • latest version published

    6 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the nono-py package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Insecure Default Initialization of Resource

    nono-py is a Python bindings for nono capability-based sandboxing

    Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to improper enforcement of access restrictions in the proxy process. An attacker can gain unauthorized network access by exploiting the default configuration, which allows unrestricted outbound connections through the proxy even when restrictive policies are set.

    How to fix Insecure Default Initialization of Resource?

    Upgrade nono-py to version 0.11.0 or higher.

    [,0.11.0)
    • M
    Access Control Bypass

    nono-py is a Python bindings for nono capability-based sandboxing

    Affected versions of this package are vulnerable to Access Control Bypass due to the policy JSON accepting unknown security-sensitive fields and the failure to automatically enforce CapabilitySet.proxy_only when resolving a policy-derived ProxyConfig. An attacker can gain unauthorized network access by crafting policies with unsupported or misspelled restrictions, potentially allowing outbound requests outside the intended proxy allowlist.

    How to fix Access Control Bypass?

    Upgrade nono-py to version 0.10.1 or higher.

    [,0.10.1)
    • M
    Protection Mechanism Failure

    nono-py is a Python bindings for nono capability-based sandboxing

    Affected versions of this package are vulnerable to Protection Mechanism Failure in the sandboxed_exec process when running on Linux kernels lacking Landlock network support. An attacker can access sensitive network resources and potentially retrieve cloud metadata credentials by bypassing proxy enforcement through removal of proxy environment variables or use of raw sockets. This is only exploitable if the runtime is Linux, the kernel does not support Landlock network rules (pre-6.7), sandboxed_exec() is used, the capability set applies proxy_only(), and the child process removes or ignores proxy environment variables or uses raw sockets.

    How to fix Protection Mechanism Failure?

    Upgrade nono-py to version 0.10.1 or higher.

    [0.9.0,0.10.1)