| Field | Value |
|---|---|
| Title | AntaresMugisho PyBlade v0.1.8-alpha through v0.2.0-alpha Code Injection |
| Description | This code is vulnerable to CWE-94: Code Injection and CWE-1336: Template Engine Injection due to unsafe expression evaluation in template rendering. The vulnerability affects v0.1.8-alpha through v0.2.0-alpha through two different mechanisms. v0.1.8-alpha and v0.1.9-alpha: the `_is_safe_ast()` function in `sandbox.py` contains a logic flaw; the attribute whitelist check only validates `ast.Name` nodes (e.g., `str.method`) but bypasses `ast.Constant` nodes (e.g., `''.__class__`), allowing access to dangerous Python magic methods. v0.2.0-alpha: the `evaluator.py` file uses `eval()` directly without any AST validation, providing no security checks at all. This allows an attacker to achieve Remote Code Execution (RCE) through Python's object model by accessing `__class__`, `__mro__`, and `__subclasses__` chains. |
| Source | https://github.com/AntaresMugisho/PyBlade/issues/1 |
| User | zhangxinyu06 (UID 96407) |
| Submitted | 2026-03-19 10:42 (18 days ago) |
| Moderation | 2026-04-04 15:54 (16 days later) |
| Status | Accepted |
| VulDB Entry | 355329 [AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha AST Validation sandbox.py _is_safe_ast privilege escalation] |
| Points | 20 |