提交 #777623: HuggingFace smolagents 1.25.0.dev0 CWE-693信息

标题	HuggingFace smolagents 1.25.0.dev0 CWE-693
描述	# Technical Details A Sandbox Escape via Augmented Assignment Dunder Read Bypass exists in the evaluate_augassign() function in src/smolagents/local_python_executor.py (lines 652-654) of smolagents. This is an incomplete fix for CVE-2025-9959. The CVE-2025-9959 fix added a dunder attribute access block in evaluate_attribute (line 390), but evaluate_augassign contains its own internal helper get_current_value that reads attribute values through a completely independent code path using raw getattr() without any dunder check. Similarly, the set_value function (line 822) writes attributes via raw setattr() without any dunder check. # Vulnerable Code File: src/smolagents/local_python_executor.py (lines 652-654) Method: evaluate_augassign.get_current_value() Why: Uses raw getattr(obj, target.attr) to read attribute values without checking for dunder attributes. This bypasses the dunder block in evaluate_attribute. File: src/smolagents/local_python_executor.py (lines 820-822) Method: set_value() Why: Uses raw setattr(obj, target.attr, value) to write attribute values without checking for dunder attributes, allowing __code__ overwrite. # Reproduction 1. Install smolagents (pip install smolagents). 2. Create a LocalPythonExecutor instance. 3. Execute code that uses augmented assignment on __code__ (e.g., victim.__code__ += Trap()) - this bypasses the dunder check. 4. The Trap class uses __radd__ to capture the code object, then constructs a malicious CodeType with RCE bytecode. 5. Overwrite the victim function's __code__ with the malicious code and call it - achieves arbitrary command execution. # Impact - Full Remote Code Execution on the host system. - Any smolagents CodeAgent using default LocalPythonExecutor is vulnerable. - Exploitable via prompt injection in content the agent processes.
来源	⚠️ https://gist.github.com/YLChen-007/7146f45960f79bc1e2976fed526e0a9b
用户	Eric-z (UID 95890)
提交	2026-03-11 14時23分 (19 日前)
管理	2026-03-27 09時18分 (16 days later)
状态	已接受
VulDB条目	353840 [huggingface smolagents 1.25.0.dev0 Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_augassign/evaluate_call/evaluate_with 权限提升]
积分	20

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!