restrictedpython@5.3 vulnerabilities

RestrictedPython is a defined subset of the Python language which allows program input to be provided into a trusted environment.

Direct Vulnerabilities

Known vulnerabilities in the restrictedpython package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Uncaught Exception (severity: M)

RestrictedPython is a defined subset of the Python language which allows program input to be provided into a trusted environment.

Affected versions of this package are vulnerable to Uncaught Exception in _AttributeDelegator, which allows attackers to expose string data associated with an AttributeError.obj.

How to fix Uncaught Exception?

Upgrade RestrictedPython to version 7.3 or higher.

Vulnerable versions: [,7.3)
  • Access Control Bypass (severity: H)

RestrictedPython is a defined subset of the Python language which allows program input to be provided into a trusted environment.

Affected versions of this package are vulnerable to Access Control Bypass via the format and format_map methods of str (and unicode) and string.Formatter. An attacker who controls the format string can "read" all objects accessible through recursive attribute lookup and subscription from objects the attacker can access, which can lead to critical information disclosure.

How to fix Access Control Bypass?

Upgrade RestrictedPython to version 5.4, 6.2 or higher.

Vulnerable versions: [,5.4) [6.0,6.2)