YAML parsing vulnerability in PyAnyAPI (before 0.6.1): Arbitrary Python command execution due to "load" instead of "safe_load"
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
Untrusted search path vuln in Portage < 2.1.4.5 lets local users run code via manipulated Python modules in certain ebuilds
Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.
Arbitrary code execution in Open edX Ironwood 2.5 without CodeJail: Critical security flaw
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
Untrusted search path in Ghidra 9.0.4 allows code execution via cmd.exe
NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory.
SQLite-web CSRF attacks due to lack of source validation in SQL dashboard
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.
XXE vulnerability in Plone 5.2.3: Allows XXE attacks via unapplied permission in plone.schemaeditor.ManageSchemata, limited to Manager role
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
Plone < 5.2.3 SSRF via Manager tracebacks
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
Plone < 5.2.3, XXE vuln, Manager role
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.
Pikepdf 1.3.0 to 2.9.2: XXE in XMP metadata
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
Python-kdcproxy < 0.3.2 allows remote DoS via large POST request
python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.
Introducing the "VAITP dataset": a specialized repository of Python vulnerabilities and patches, meticulously compiled for the use of the security research community. As Python's prominence grows, understanding and addressing potential security vulnerabilities become crucial. Crafted by and for the cybersecurity community, this dataset offers a valuable resource for researchers, analysts, and developers to analyze and mitigate the security risks associated with Python. Through the comprehensive exploration of vulnerabilities and corresponding patches, the VAITP dataset fosters a safer and more resilient Python ecosystem, encouraging collaborative advancements in programming security.
The supreme art of war is to subdue the enemy without fighting.
Sun Tzu – “The Art of War”
:: Shaping the future through research and ingenuity ::