RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
CVE-2023-37271

8.4HIGH

Key Information:

Vendor
CVE Published:
11 July 2023

What is CVE-2023-37271?

RestrictedPython is designed to limit the execution of Python code within a secure, controlled environment. A significant vulnerability exists in versions prior to 6.1 and 5.3 due to insufficient checks on stack frame access. This flaw allows an attacker with access to the RestrictedPython environment to extract the current stack frame through a generator, enabling them to traverse beyond the sandbox's boundaries. Consequently, this could lead to arbitrary code execution within the Python interpreter. This issue particularly impacts deployments in Zope and Plone where administrators inadvertently permit untrusted users to alter or create certain object types like 'Script (Python)', 'DTML Method', or 'Zope Page Template'. It's advisable to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

RestrictedPython >= 6.0a1.dev0, < 6.1 < 6.0a1.dev0, 6.1

RestrictedPython < 5.3 < 5.3

References

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.