Path traversal in themanojdesai python-a2a <= 0.5.5, api.py create_workflow.
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.
XWiki: Macro parameter default value executes with elevated rights, allows code injection.
XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. This can be exploited by overriding a macro like the children macro that is used in a page that has programming right like the page XWiki.ChildrenMacro and thus allows arbitrary script macros. This vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro's author when the parameter's value is the default value.
Gradio SSRF in DownloadButton allows local resource access.
In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resources and sensitive information.
Redash <=10.1.0/25.1.0 getattr Handler in python.py allows sandbox escape.
A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Jinja2 template injection allows secret exposure/data modification in Nautobot.
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users.
FastGPT sandbox escape allows arbitrary file access and import bypass.
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
InvenTree label-sheet plugin DoS via unbounded "skip" field, leading to memory exhaustion.
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.
TarFile extracts filtered members despite errorlevel=0, against documentation.
When using a TarFile.errorlevel = 0ย and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0ย in affected versions is that the member would still be extracted and not skipped.
Tarfile allows symlink escapes & metadata changes when extracting archives.
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfileย module to extract untrusted tar archives using TarFile.extractall()ย or TarFile.extract()ย using the filter=ย parameter with a value of "data"ย or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter ย for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter=ย changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Tarfile allows symlink escape & metadata modification when extracting archives.
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfileย module to extract untrusted tar archives using TarFile.extractall()ย or TarFile.extract()ย using the filter=ย parameter with a value of "data"ย or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter ย for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter=ย changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Introducing the "VAITP dataset": a specialized repository of Python vulnerabilities and patches, meticulously compiled for the use of the security research community. As Python's prominence grows, understanding and addressing potential security vulnerabilities become crucial. Crafted by and for the cybersecurity community, this dataset offers a valuable resource for researchers, analysts, and developers to analyze and mitigate the security risks associated with Python. Through the comprehensive exploration of vulnerabilities and corresponding patches, the VAITP dataset fosters a safer and more resilient Python ecosystem, encouraging collaborative advancements in programming security.
The supreme art of war is to subdue the enemy without fighting.
Sun Tzu – “The Art of War”
:: Shaping the future through research and ingenuity ::