Vulnerability Details : CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from the objects they can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`), accessed either via the class or its instances, and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1`, which is included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vulnerability category: Information leak
Products affected by CVE-2023-41039
- cpe:2.3:a:zope:restrictedpython:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-41039
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~32% (the proportion of vulnerabilities scored at or below this one)
- EPSS Score History
CVSS scores for CVE-2023-41039
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N | 3.1 | 4.0 | NIST | 
8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L | 1.7 | 6.0 | GitHub, Inc. | 
CWE ids for CVE-2023-41039
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-41039
- https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 (Merge pull request from GHSA-xjw2-6jm9-rf67 · zopefoundation/RestrictedPython@4134aed · GitHub) - Patch
- https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 (Sandbox escape via various forms of "format". · Advisory · zopefoundation/RestrictedPython · GitHub) - Vendor Advisory