| Field | Value |
|---|---|
| Title | langflow-ai langflow 1.8.4 Command Injection |
| Description | The `CodeParser.parse_callable_details()` method extracts a function's return type annotation as a string via `ast.unparse()` and passes it directly to `eval()`. The execution environment (`eval_env`) for `eval()` is built by `construct_eval_env()`, but `__builtins__ = {}` is never set. Python specifies that when the globals dict passed to `eval()` does not contain the `__builtins__` key, the interpreter automatically inserts the full `builtins` module; as a result, all built-in functions such as `__import__`, `open`, `exec` and `eval` are available inside the eval environment. An attacker can therefore embed a malicious expression (such as `__import__('os').popen('cmd').read()`) in the return type annotation of a function in custom component code; when the CodeParser processes that code, `eval()` executes the expression directly. |
| Source | https://www.yuque.com/yuqueyonghuqy8yu4/ghuay4/ylrgoyyfrucp8opo?singleDoc=#g4kyb |
| User | limshow (UID 92836) |
| Submission | 07/04/2026 05:09 PM (2 months ago) |
| Moderation | 02/05/2026 06:06 PM (25 days later) |
| Status | Accepted |
| VulDB Entry | 360857 [langflow-ai langflow up to 1.8.4 Full Builtins code_parser.py CodeParser.parse_callable_details privilege escalation] |
| Points | 20 |
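The mechanism in the description, as an added example that is not langflow's own code: a hypothetical `construct_eval_env()` is built with and without the `__builtins__` key, the same `ast.unparse()` then `eval()` flow is mimicked on a constructed component whose return annotation is a harmless call (`len("abc")`), and a structural allowlist check rejects any annotation that is not type-like. Function names and the sample sources are assumptions.

```python
import ast
from typing import Optional

# Constructed sample component sources (not from langflow): the first carries a
# harmless call expression as its return annotation, the second a real type.
CALL_IN_ANNOTATION = 'def build(self) -> len("abc"):\n    return None\n'
TYPE_ANNOTATION = 'def build(self) -> list[str]:\n    return []\n'


def return_annotation(code: str) -> Optional[ast.expr]:
    """Return the AST node of the first function's return annotation, if any."""
    for node in ast.walk(ast.parse(code)):
        if isinstance(node, ast.FunctionDef) and node.returns is not None:
            return node.returns
    return None


def construct_eval_env(harden: bool) -> dict:
    """Hypothetical eval environment. Without the "__builtins__" key, eval()
    silently inserts the full builtins module into this dict."""
    env = {"list": list, "str": str}
    if harden:
        env["__builtins__"] = {}  # explicit empty builtins: no len/open/__import__
    return env


def eval_annotation(code: str, harden: bool):
    """Mimic the weak flow: ast.unparse() the annotation, then eval() it.
    Returns the evaluated value, or the NameError raised by the hardened env."""
    node = return_annotation(code)
    try:
        return eval(ast.unparse(node), construct_eval_env(harden))
    except NameError as exc:
        return exc


def annotation_is_type_like(node: ast.expr) -> bool:
    """Structural allowlist: a type annotation only needs names, attribute access,
    subscripts, tuples, constants and the PEP 604 "X | Y" union. Any other node
    (in particular ast.Call) means the annotation is an expression to execute."""
    allowed = (ast.Name, ast.Attribute, ast.Subscript, ast.Tuple, ast.Constant,
               ast.BinOp, ast.BitOr, ast.Load)
    return all(isinstance(n, allowed) for n in ast.walk(node))


if __name__ == "__main__":
    print(eval_annotation(CALL_IN_ANNOTATION, harden=False))  # 3: builtins reachable
    print(repr(eval_annotation(CALL_IN_ANNOTATION, harden=True)))  # NameError
    print(annotation_is_type_like(return_annotation(CALL_IN_ANNOTATION)))  # False
```

Setting `__builtins__` to an empty dict is not a sandbox; evaluating untrusted annotation text at all is the defect, so the structural check, or keeping the annotation as an unevaluated string, is the mitigation to rely on.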