CVE-2024-47532
published 2024-09-30


Priority: P336
Severity: medium, CVSS 3.1 base score 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.73% (49.5th percentile)
RestrictedPython is a restricted execution environment for Python used to run untrusted code. A user can indirectly gain access to protected (and potentially sensitive) information via AttributeError.obj and the string module. The problem is fixed in version 7.3. As a workaround, if the application does not require access to the string module, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise not make it available in the restricted execution environment.

Affected

9 ranges

Vendor          | Product          | Version range                        | Fixed in
----------------|------------------|--------------------------------------|-------------------------------
debian          | restrictedpython | < restrictedpython 8.0-1 (forky)     | restrictedpython 8.0-1 (forky)
zope            | restrictedpython | < 7.3                                | 7.3
zopefoundation  | restrictedpython | < 7.3                                | 7.3
zopefoundation  | restrictedpython | >= 0, < 8.0-1                        | 8.0-1
zopefoundation  | restrictedpython | >= 0, < 8.0-1                        | 8.0-1
zopefoundation  | restrictedpython | >= 0, < 7.3                          | 7.3
zopefoundation  | restrictedpython | >= 0, < 4.0~b3-2ubuntu0.1~esm1       | 4.0~b3-2ubuntu0.1~esm1
zopefoundation  | restrictedpython | >= 0, < 4.0~b3-3ubuntu0.1~esm1       | 4.0~b3-3ubuntu0.1~esm1
zopefoundation  | restrictedpython | >= 0, < 6.2-1ubuntu0.24.04.1~esm1    | 6.2-1ubuntu0.24.04.1~esm1

CVSS provenance

Source         | Version | Score | Severity | Vector
---------------|---------|-------|----------|-------
nvd            | v3.1    | 6.5   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd            | v4.0    | 8.7   | HIGH     | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv            |         | 9.9   | CRITICAL |
vendor_debian  |         | 8.7   | HIGH     |
vendor_ubuntu  |         | 8.4   | HIGH     |