VulnerableCode Package Details - pkg:pypi/restrictedpython@6.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-6x2q-q619-mqbu Aliases: CVE-2025-22153 GHSA-gmj9-h825-chq2	RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except` clauses. No known workarounds are available.	8.0 Affected by 0 other vulnerabilities.
VCID-tg66-8sv3-z7d1 Aliases: CVE-2024-47532 GHSA-5rfv-66g4-jr8h PYSEC-2024-186	RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment.	7.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6x2q-q619-mqbu
Aliases:
CVE-2025-22153
GHSA-gmj9-h825-chq2

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.

8.0
Affected by 0 other vulnerabilities.

VCID-tg66-8sv3-z7d1
Aliases:
CVE-2024-47532
GHSA-5rfv-66g4-jr8h
PYSEC-2024-186

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment.

7.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-d9g9-8zuq-7ffv	RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1` which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.	CVE-2023-41039 GHSA-xjw2-6jm9-rf67 PYSEC-2023-159

Vulnerability

Summary

Aliases

VCID-d9g9-8zuq-7ffv

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1` which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-41039
GHSA-xjw2-6jm9-rf67
PYSEC-2023-159

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:26:47.606717+00:00	GHSA Importer	Fixing	VCID-d9g9-8zuq-7ffv	https://github.com/advisories/GHSA-xjw2-6jm9-rf67	38.6.0
2026-06-12T19:50:47.234986+00:00	GitLab Importer	Affected by	VCID-6x2q-q619-mqbu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/RestrictedPython/CVE-2025-22153.yml	38.6.0
2026-06-12T19:41:40.473330+00:00	GitLab Importer	Affected by	VCID-tg66-8sv3-z7d1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/RestrictedPython/CVE-2024-47532.yml	38.6.0
2026-06-12T15:46:53.820025+00:00	GitLab Importer	Fixing	VCID-d9g9-8zuq-7ffv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/RestrictedPython/CVE-2023-41039.yml	38.6.0
2026-06-12T07:58:32.875747+00:00	GithubOSV Importer	Fixing	VCID-d9g9-8zuq-7ffv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-xjw2-6jm9-rf67/GHSA-xjw2-6jm9-rf67.json	38.6.0
2026-06-12T04:19:08.873647+00:00	Pypa Importer	Affected by	VCID-tg66-8sv3-z7d1	https://github.com/pypa/advisory-database/blob/main/vulns/restrictedpython/PYSEC-2024-186.yaml	38.6.0
2026-06-12T04:16:55.937023+00:00	Pypa Importer	Fixing	VCID-d9g9-8zuq-7ffv	https://github.com/pypa/advisory-database/blob/main/vulns/restrictedpython/PYSEC-2023-159.yaml	38.6.0
2026-06-11T21:03:01.092037+00:00	PyPI Importer	Affected by	VCID-tg66-8sv3-z7d1	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-11T21:00:31.288474+00:00	PyPI Importer	Fixing	VCID-d9g9-8zuq-7ffv	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0