Vulnerability Information
Vulnerability Title
try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
Vulnerability Description
RestrictedPython is a tool that helps define a subset of the Python language that allows program input to be provided into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2, triggered when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Vulnerability Type
Access of Resource Using Incompatible Type (Type Confusion)
Vulnerability Title
RestrictedPython security vulnerability
Vulnerability Description
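RestrictedPython is an open-source tool from Zope that helps define a subset of the Python language, which allows program input to be provided into a trusted environment. RestrictedPython has a security vulnerability that stems from a type confusion error when using "try/except*".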
CVSS Information
N/A
Vulnerability Type
N/A
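The version windows in the description above can be turned into an exposure check. The following is an added example, not code from RestrictedPython or from this record: it reports whether a given CPython and RestrictedPython pairing falls inside both affected ranges, and lists the `except*` clauses in a stored script. The function names and the sample script are assumptions made for illustration.

```python
import io
import re
import tokenize

# Version windows as stated in the description above: [first affected, first fixed).
CPYTHON_AFFECTED = ((3, 11, 0), (3, 13, 2))
RESTRICTEDPYTHON_AFFECTED = ((6, 0, 0), (8, 0, 0))

def parse_version(text):
    """'3.12.1' -> (3, 12, 1); '7.4' -> (7, 4, 0). Pre-release suffixes are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def in_window(version, window):
    first_affected, first_fixed = window
    return first_affected <= parse_version(version) < first_fixed

def environment_affected(cpython_version, restrictedpython_version):
    """True only when both the interpreter and RestrictedPython are in the affected windows."""
    return (in_window(cpython_version, CPYTHON_AFFECTED)
            and in_window(restrictedpython_version, RESTRICTEDPYTHON_AFFECTED))

def except_star_lines(source):
    """Line numbers of `except*` clauses, found lexically so strings and comments do not match."""
    hits, prev = [], None
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if (prev is not None and prev.type == tokenize.NAME and prev.string == "except"
                and tok.type == tokenize.OP and tok.string == "*"):
            hits.append(prev.start[0])
        prev = tok
    return hits

# Constructed sample of a stored script, not taken from the advisory.
SAMPLE = '''\
try:
    run()
except* ValueError:
    pass
note = "except* inside a string is not a clause"
'''

if __name__ == "__main__":
    print(environment_affected("3.12.1", "7.4"))
    print(except_star_lines(SAMPLE))
```

This is an inventory aid, not a workaround. Scripts it flags are the ones that RestrictedPython 8.0 will no longer accept, since that release removes support for `try/except*`.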