Lookup of vulnerable packages by Package URL (purl).

Purl: pkg:pypi/restrictedpython@4.0b3
Type: pypi
Namespace:
Name: restrictedpython
Version: 4.0b3
Qualifiers:
Subpath:
Is_vulnerable: true
Next_non_vulnerable_version: 8.0
Latest_non_vulnerable_version: 8.0
Affected_by_vulnerabilities
0
url VCID-d9g9-8zuq-7ffv
vulnerability_id VCID-d9g9-8zuq-7ffv
summary RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects they can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1` which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41039
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44612
published_at 2026-06-11T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44763
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41039
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41039
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41039
2
reference_url https://github.com/zopefoundation/RestrictedPython
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/RestrictedPython
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41039
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41039
4
reference_url https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120
reference_id 4134aedcff17c977da7717693ed89ce56d54c120
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:16:29Z/
url https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120
5
reference_url https://github.com/advisories/GHSA-xjw2-6jm9-rf67
reference_id GHSA-xjw2-6jm9-rf67
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjw2-6jm9-rf67
6
reference_url https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67
reference_id GHSA-xjw2-6jm9-rf67
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:16:29Z/
url https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67
7
reference_url https://usn.ubuntu.com/7355-1/
reference_id USN-7355-1
reference_type
scores
url https://usn.ubuntu.com/7355-1/
fixed_packages
0
url pkg:pypi/restrictedpython@5.4
purl pkg:pypi/restrictedpython@5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tg66-8sv3-z7d1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restrictedpython@5.4
1
url pkg:pypi/restrictedpython@6.0a1.dev0
purl pkg:pypi/restrictedpython@6.0a1.dev0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tg66-8sv3-z7d1
1
vulnerability VCID-ws8m-4s8a-1fdd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restrictedpython@6.0a1.dev0
2
url pkg:pypi/restrictedpython@6.2
purl pkg:pypi/restrictedpython@6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6x2q-q619-mqbu
1
vulnerability VCID-tg66-8sv3-z7d1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restrictedpython@6.2
3
url pkg:pypi/restrictedpython@7.0a1.dev0
purl pkg:pypi/restrictedpython@7.0a1.dev0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6x2q-q619-mqbu
1
vulnerability VCID-tg66-8sv3-z7d1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restrictedpython@7.0a1.dev0
aliases CVE-2023-41039, GHSA-xjw2-6jm9-rf67, PYSEC-2023-159
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d9g9-8zuq-7ffv
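The mechanism behind VCID-d9g9-8zuq-7ffv is plain CPython behaviour: `str.format`, `str.format_map` and `string.Formatter` resolve dotted names and `[key]` subscripts inside a replacement field by walking attributes of whatever object the field starts from. The block below is an added illustration, not code from this page or from the RestrictedPython project: it shows the traversal against a constructed `Settings` object whose `__init__` leads to module globals, and beside it a `string.Formatter` subclass whose `get_field` only accepts exact allow-listed names, which is the hook that removes the walk. `Settings`, `DB_PASSWORD`, `render_naive`, `render_safe` and `SafeFormatter` are all names invented for the example.

```python
import string

# Module-level global standing in for a secret the template engine was never
# meant to expose (constructed sample value, not a real credential).
DB_PASSWORD = "constructed-sample-password"


class Settings:
    """Constructed sample object that a template is allowed to render."""

    def __init__(self, app_name: str) -> None:
        self.app_name = app_name


def render_naive(template: str, settings: Settings) -> str:
    """Vulnerable: str.format resolves dotted attribute chains and [key]
    subscripts on the positional argument, so whoever writes the template
    can walk from `settings` into arbitrary reachable objects."""
    return template.format(settings)


def render_naive_map(template: str, values: dict) -> str:
    """Same traversal through format_map; string.Formatter().vformat behaves alike."""
    return template.format_map(values)


class SafeFormatter(string.Formatter):
    """Formatter that substitutes only bare, allow-listed names.

    get_field() is where '0.__init__' or 'x[y]' is turned into an object.
    Overriding it to accept exact keys only removes the recursive
    attribute/subscript walk. Nested fields inside a format spec
    ("{x:{width}}") also go through get_field, so they are covered too.
    """

    def __init__(self, allowed: dict) -> None:
        super().__init__()
        self.allowed = allowed

    def get_field(self, field_name, args, kwargs):
        if field_name not in self.allowed:
            raise KeyError(field_name)
        return self.allowed[field_name], field_name


def render_safe(template: str, values: dict) -> str:
    """Render with the restricted formatter; unknown or dotted fields raise KeyError."""
    return SafeFormatter(values).vformat(template, (), {})


def rejects(template: str, values: dict) -> bool:
    """True if render_safe refuses the template."""
    try:
        render_safe(template, values)
    except KeyError:
        return True
    return False


if __name__ == "__main__":
    s = Settings("demo")
    # Attacker-controlled template: settings -> bound __init__ -> function globals.
    leak = "{0.__init__.__globals__[DB_PASSWORD]}"
    print("naive format    :", render_naive(leak, s))
    print("naive format_map:", render_naive_map("{s.__init__.__globals__[DB_PASSWORD]}", {"s": s}))
    print("safe render     :", render_safe("Hello {app_name}", {"app_name": s.app_name}))
    print("safe rejects    :", rejects(leak, {"app_name": s.app_name}))
```

The allow-list closes the attribute walk but not the format spec itself; a width such as `{app_name:>1000000000}` still allocates a huge string, so a deployment that accepts untrusted templates should also cap template length or reject padding specs.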
1
url VCID-tg66-8sv3-z7d1
vulnerability_id VCID-tg66-8sv3-z7d1
summary RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensitive) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise not make it available in the restricted execution environment.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47532
reference_id
reference_type
scores
0
value 0.01117
scoring_system epss
scoring_elements 0.7868
published_at 2026-06-12T12:55:00Z
1
value 0.01117
scoring_system epss
scoring_elements 0.78614
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47532
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47532
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47532
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/restrictedpython/PYSEC-2024-186.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/restrictedpython/PYSEC-2024-186.yaml
3
reference_url https://github.com/zopefoundation/RestrictedPython
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/RestrictedPython
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084057
reference_id 1084057
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084057
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47532
reference_id CVE-2024-47532
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47532
6
reference_url https://github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6
reference_id d701cc36cccac36b21fa200f1f2d1945a9a215e6
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:26:28Z/
url https://github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6
7
reference_url https://github.com/advisories/GHSA-5rfv-66g4-jr8h
reference_id GHSA-5rfv-66g4-jr8h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5rfv-66g4-jr8h
8
reference_url https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h
reference_id GHSA-5rfv-66g4-jr8h
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-30T17:26:28Z/
url https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h
9
reference_url https://usn.ubuntu.com/7355-1/
reference_id USN-7355-1
reference_type
scores
url https://usn.ubuntu.com/7355-1/
fixed_packages
0
url pkg:pypi/restrictedpython@7.3
purl pkg:pypi/restrictedpython@7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6x2q-q619-mqbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restrictedpython@7.3
aliases CVE-2024-47532, GHSA-5rfv-66g4-jr8h, PYSEC-2024-186
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tg66-8sv3-z7d1
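Since Python 3.10 an `AttributeError` raised by the interpreter's own attribute lookup carries the object it was raised for in `.obj`, so an exception that escapes a guard is a reference to whatever the guard was hiding. The block below is an added illustration of that side channel and of the workaround this entry names (withholding the `string` module from the restricted builtins); it is not code from RestrictedPython and does not reproduce the project's actual guard or its patch. `Secrets`, `LeakyProxy`, `SealedProxy`, `probe`, `harden_utility_builtins` and `SAMPLE_UTILITY_BUILTINS` are invented for the example; the sample builtins dict merely stands in for `RestrictedPython.Utilities.utility_builtins`.

```python
import math
import string
import sys

PY310 = sys.version_info >= (3, 10)  # AttributeError.obj / .name exist from 3.10


class Secrets:
    """Constructed object the sandbox must not hand out."""

    api_key = "constructed-sample-key"
    label = "public label"


class LeakyProxy:
    """Hypothetical guard exposing only allow-listed attributes of `target`.

    The flaw: the lookup is delegated to the real object, so when the name is
    allowed but missing, CPython raises an AttributeError whose .obj IS the
    real object, and the proxy lets that exception escape unchanged."""

    ALLOWED = frozenset({"label", "owner"})  # "owner" does not exist on Secrets

    def __init__(self, target) -> None:
        object.__setattr__(self, "_target", target)

    def __getattr__(self, name):
        if name not in self.ALLOWED:
            raise AttributeError(name)
        return getattr(object.__getattribute__(self, "_target"), name)


class SealedProxy(LeakyProxy):
    """Fixed variant: a failed lookup is reported with a fresh AttributeError
    raised *outside* the except block, so neither .obj nor __context__ points
    at the hidden object (a `raise ... from None` inside the except block
    would still leave the original reachable through __context__)."""

    def __getattr__(self, name):
        if name not in self.ALLOWED:
            raise AttributeError(name)
        target = object.__getattribute__(self, "_target")
        try:
            return getattr(target, name)
        except AttributeError:
            pass  # fall through; raising here would chain the leaky exception
        raise AttributeError(name)


def probe(proxy):
    """What restricted code can recover from one failed attribute access:
    the object attached to the exception (or its chained cause), else None."""
    try:
        proxy.owner
    except AttributeError as exc:
        leaked = getattr(exc, "obj", None)
        if leaked is None and exc.__context__ is not None:
            leaked = getattr(exc.__context__, "obj", None)
        return leaked
    return None


# Constructed stand-in for RestrictedPython.Utilities.utility_builtins.
SAMPLE_UTILITY_BUILTINS = {"string": string, "math": math}


def harden_utility_builtins(utility_builtins: dict) -> dict:
    """Workaround stated in this entry: do not expose the `string` module to
    restricted code. Returns a copy of the builtins mapping without it."""
    return {k: v for k, v in utility_builtins.items() if k != "string"}


if __name__ == "__main__":
    s = Secrets()
    print("leaky proxy leaks Secrets:", probe(LeakyProxy(s)) is s)
    print("sealed proxy leaks Secrets:", isinstance(probe(SealedProxy(s)), Secrets))
    print("builtins without string:", sorted(harden_utility_builtins(SAMPLE_UTILITY_BUILTINS)))
```

On the sealed proxy the interpreter still annotates the escaping exception, but with the proxy itself as `.obj`, which is an object the restricted code already holds. With the real library, apply the workaround by building the restricted globals from a copy of `utility_builtins` with the `string` key removed before passing it to the execution environment, and drop the workaround once on a release the entry lists as fixed.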
2
url VCID-ws8m-4s8a-1fdd
vulnerability_id VCID-ws8m-4s8a-1fdd
summary RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extremely rare. The problem has been fixed in versions 6.1 and 5.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37271
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57804
published_at 2026-06-12T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57689
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37271
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37271
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/restrictedpython/PYSEC-2023-118.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/restrictedpython/PYSEC-2023-118.yaml
3
reference_url https://github.com/zopefoundation/RestrictedPython
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zopefoundation/RestrictedPython
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37271
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37271
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041429
reference_id 1041429
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041429
6
reference_url https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531
reference_id c8eca66ae49081f0016d2e1f094c3d72095ef531
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T17:09:29Z/
url https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531
7
reference_url https://github.com/advisories/GHSA-wqc8-x2pr-7jqh
reference_id GHSA-wqc8-x2pr-7jqh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqc8-x2pr-7jqh
8
reference_url https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh
reference_id GHSA-wqc8-x2pr-7jqh
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T17:09:29Z/
url https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh
9
reference_url https://usn.ubuntu.com/7355-1/
reference_id USN-7355-1
reference_type
scores
url https://usn.ubuntu.com/7355-1/
fixed_packages
0
url pkg:pypi/restrictedpython@5.3
purl pkg:pypi/restrictedpython@5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d9g9-8zuq-7ffv
1
vulnerability VCID-tg66-8sv3-z7d1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restrictedpython@5.3
1
url pkg:pypi/restrictedpython@6.1
purl pkg:pypi/restrictedpython@6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6x2q-q619-mqbu
1
vulnerability VCID-d9g9-8zuq-7ffv
2
vulnerability VCID-tg66-8sv3-z7d1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restrictedpython@6.1
aliases CVE-2023-37271, GHSA-wqc8-x2pr-7jqh, PYSEC-2023-118
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ws8m-4s8a-1fdd
Fixing_vulnerabilities:
Risk_score: 4.0
Resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/restrictedpython@4.0b3
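The practical reading of this lookup is that none of the versions listed under `fixed_packages` is safe to pin: 5.3, 5.4, 6.1, 6.2 and 7.3 each fix one entry while still carrying others (including VCID-6x2q-q619-mqbu, which does not affect 4.0b3 at all and is not detailed on this page), and the only clean target the lookup gives is `next_non_vulnerable_version` 8.0. The audit below is an added example, not part of the page or of VulnerableCode; it works on a hand-transcribed subset of the fields above (`RECORD`, constructed for the example, with key names following the API fields shown) and the functions `fix_matrix`, `clean_fixed_versions`, `unresolved_ids` and `upgrade_target` are invented for it.

```python
# Offline transcript of part of this page's lookup result (constructed by hand
# from the fields above; only what the audit needs is kept).
RECORD = {
    "purl": "pkg:pypi/restrictedpython@4.0b3",
    "is_vulnerable": True,
    "next_non_vulnerable_version": "8.0",
    "latest_non_vulnerable_version": "8.0",
    "affected_by_vulnerabilities": [
        {"vulnerability_id": "VCID-d9g9-8zuq-7ffv", "aliases": ["CVE-2023-41039"],
         "fixed_packages": [
             {"purl": "pkg:pypi/restrictedpython@5.4", "is_vulnerable": True,
              "affected_by_vulnerabilities": [{"vulnerability": "VCID-tg66-8sv3-z7d1"}]},
             {"purl": "pkg:pypi/restrictedpython@6.2", "is_vulnerable": True,
              "affected_by_vulnerabilities": [{"vulnerability": "VCID-6x2q-q619-mqbu"},
                                              {"vulnerability": "VCID-tg66-8sv3-z7d1"}]}]},
        {"vulnerability_id": "VCID-tg66-8sv3-z7d1", "aliases": ["CVE-2024-47532"],
         "fixed_packages": [
             {"purl": "pkg:pypi/restrictedpython@7.3", "is_vulnerable": True,
              "affected_by_vulnerabilities": [{"vulnerability": "VCID-6x2q-q619-mqbu"}]}]},
        {"vulnerability_id": "VCID-ws8m-4s8a-1fdd", "aliases": ["CVE-2023-37271"],
         "fixed_packages": [
             {"purl": "pkg:pypi/restrictedpython@5.3", "is_vulnerable": True,
              "affected_by_vulnerabilities": [{"vulnerability": "VCID-d9g9-8zuq-7ffv"},
                                              {"vulnerability": "VCID-tg66-8sv3-z7d1"}]},
             {"purl": "pkg:pypi/restrictedpython@6.1", "is_vulnerable": True,
              "affected_by_vulnerabilities": [{"vulnerability": "VCID-6x2q-q619-mqbu"},
                                              {"vulnerability": "VCID-d9g9-8zuq-7ffv"},
                                              {"vulnerability": "VCID-tg66-8sv3-z7d1"}]}]},
    ],
}


def purl_version(purl: str) -> str:
    """'pkg:pypi/restrictedpython@5.4' -> '5.4'."""
    return purl.rsplit("@", 1)[1]


def fix_matrix(record: dict) -> dict:
    """Map every version listed as a fix to the sorted VCIDs that still affect
    it; an empty list means the lookup considers that version clean."""
    matrix: dict = {}
    for vuln in record["affected_by_vulnerabilities"]:
        for fixed in vuln["fixed_packages"]:
            ids = matrix.setdefault(purl_version(fixed["purl"]), set())
            if fixed["is_vulnerable"]:
                ids.update(a["vulnerability"] for a in fixed["affected_by_vulnerabilities"])
    return {version: sorted(ids) for version, ids in sorted(matrix.items())}


def clean_fixed_versions(record: dict) -> list:
    """Fixed versions with no remaining vulnerabilities (none on this page)."""
    return [version for version, ids in fix_matrix(record).items() if not ids]


def unresolved_ids(record: dict) -> list:
    """VCIDs that appear only on the 'fixed' versions: issues the queried
    version is not affected by but a partial upgrade would walk into."""
    known = {v["vulnerability_id"] for v in record["affected_by_vulnerabilities"]}
    seen = set()
    for ids in fix_matrix(record).values():
        seen.update(ids)
    return sorted(seen - known)


def upgrade_target(record: dict) -> str:
    """Version to pin: next_non_vulnerable_version, cross-checked against the
    fix matrix so a version the lookup itself flags is never returned."""
    target = record["next_non_vulnerable_version"]
    remaining = fix_matrix(record).get(target)
    if remaining:
        raise ValueError(f"{target} is still listed as vulnerable: {remaining}")
    return target


if __name__ == "__main__":
    for version, ids in fix_matrix(RECORD).items():
        print(f"{version:12s} still affected by: {', '.join(ids) or '-'}")
    print("clean fixed versions:", clean_fixed_versions(RECORD))
    print("look up separately  :", unresolved_ids(RECORD))
    print("pin                 :", upgrade_target(RECORD))
```

Versions are compared as plain strings here, which happens to order the handful on this page correctly; for a general tool parse them with a PEP 440 implementation before sorting. The same fields come back as JSON from the VulnerableCode package lookup API, so the audit can be pointed at a live response; the `resource_url` values above are the instance's UI pages rather than that endpoint.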