Описание
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | code not present |
| devel | not-affected | 1:1.4.7-4 |
| gutsy | released | 1.2.6-1ubuntu2.5 |
| hardy | released | 1:1.4-1ubuntu0.1 |
| intrepid | released | 1:1.4.5-1ubuntu0.2 |
| upstream | released | 1:1.4.7-4 |
Показывать по
Ссылки на источники
9.3 Critical
CVSS2
Связанные уязвимости
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows rem ...
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
9.3 Critical
CVSS2