Vulnerability Details CVE-2024-47532
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.9%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-47532
-
cpe:2.3:a:zope:restrictedpython:-
-
cpe:2.3:a:zope:restrictedpython:3.0.0
-
cpe:2.3:a:zope:restrictedpython:3.2.0
-
cpe:2.3:a:zope:restrictedpython:3.4.0
-
cpe:2.3:a:zope:restrictedpython:3.4.1
-
cpe:2.3:a:zope:restrictedpython:3.4.2
-
cpe:2.3:a:zope:restrictedpython:3.4.3
-
cpe:2.3:a:zope:restrictedpython:3.5.0
-
cpe:2.3:a:zope:restrictedpython:3.5.1
-
cpe:2.3:a:zope:restrictedpython:3.5.2
-
cpe:2.3:a:zope:restrictedpython:3.6.0
-
cpe:2.3:a:zope:restrictedpython:4.0
-
cpe:2.3:a:zope:restrictedpython:5.0
-
cpe:2.3:a:zope:restrictedpython:5.1
-
cpe:2.3:a:zope:restrictedpython:5.2
-
cpe:2.3:a:zope:restrictedpython:5.3
-
cpe:2.3:a:zope:restrictedpython:5.4
-
cpe:2.3:a:zope:restrictedpython:6.0
-
cpe:2.3:a:zope:restrictedpython:6.1
-
cpe:2.3:a:zope:restrictedpython:6.2