Linaro LAVA (before 2022.11.1) RCE via user Jinja2 template in device config validation
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
Pyshop <0.7.1 allows code execution via insecure HTTP package downloads
pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation.
LangChain 0.0.131's LLMMathChain is vulnerable to arbitrary code execution via Python exec method through prompt injection attacks
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
Arbitrary code execution in Langchain v0.0.199 via PALChain in python exec method
An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.
YAML loading in OwlMixin before 2.0.0a12 allows Python command execution due to improper use of "load" instead of "safe_load"
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
Heap overflow in Sqreen PyMiniRacer < 0.3.0 allows remote attacks, potentially leading to heap corruption
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.
Python code injection in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 via "delete_cpes_by_ids" function
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
Contentful Python (pre-2020-05-21) reflected XSS via 'api' parameter in the-example-app.py
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.
Plex Media Server on Windows: Remote code execution via Python deserialization
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
Eval vulnerability in Djblets 0.7.21 and Beanbag Review Board before 1.7.15 allows JSON request parsing
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
Introducing the "VAITP dataset": a specialized repository of Python vulnerabilities and patches, meticulously compiled for the use of the security research community. As Python's prominence grows, understanding and addressing potential security vulnerabilities become crucial. Crafted by and for the cybersecurity community, this dataset offers a valuable resource for researchers, analysts, and developers to analyze and mitigate the security risks associated with Python. Through the comprehensive exploration of vulnerabilities and corresponding patches, the VAITP dataset fosters a safer and more resilient Python ecosystem, encouraging collaborative advancements in programming security.
The supreme art of war is to subdue the enemy without fighting.
Sun Tzu – “The Art of War”
:: Shaping the future through research and ingenuity ::