CVE-2025-24359 – ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape
https://notcve.org/view.php?id=CVE-2025-24359
24 Jan 2025 — ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the `on_formattedvalue` value uses the dangerous format method of the str class. The code allows an attacker to manipulate the v... • https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507 • CWE-134: Use of Externally-Controlled Format String CWE-749: Exposed Dangerous Method or Function •
CVE-2024-56326 – Jinja has a sandbox breakout through indirect reference to format method
https://notcve.org/view.php?id=CVE-2024-56326
23 Dec 2024 — Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. ... After the fix, such indirect calls are also handled by the sandbox. ... El sandbox de Jinja capta llamadas a str.format y garantiza que no escapen de la sandbox. ... Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. ... After the fix, such indirect calls are also handled by the sandbox. • https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4 • CWE-693: Protection Mechanism Failure CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-56201 – Jinja has a sandbox breakout through malicious filenames
https://notcve.org/view.php?id=CVE-2024-56201
23 Dec 2024 — Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. ... In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. ... A bug in the Jinja compiler allows an attacker that controls both ... • https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVE-2024-54529 – Apple Security Advisory 12-11-2024-5
https://notcve.org/view.php?id=CVE-2024-54529
11 Dec 2024 — MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. • https://packetstorm.news/files/id/188787 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-55652 – PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters
https://notcve.org/view.php?id=CVE-2024-55652
11 Dec 2024 — Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. • https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-54149 – Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
https://notcve.org/view.php?id=CVE-2024-54149
09 Dec 2024 — Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. ... The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in versions... • https://github.com/wintercms/winter/commit/fb88e6fabde3b3278ce1844e581c87dcf7daee22 • CWE-184: Incomplete List of Disallowed Inputs •
CVE-2024-11114 – Debian Security Advisory 5817-1
https://notcve.org/view.php?id=CVE-2024-11114
12 Nov 2024 — Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html •
CVE-2024-51481 – Nix allows macOS sandbox escape via built-in builders
https://notcve.org/view.php?id=CVE-2024-51481
31 Oct 2024 — On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import <nix/fetchurl.nix>`) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. ... The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. • https://github.com/NixOS/nix/commit/597fcc98e18e3178734d06a9e7306250e8cb8d74 • CWE-693: Protection Mechanism Failure •
CVE-2024-8923 – Sandbox Escape in Now Platform
https://notcve.org/view.php?id=CVE-2024-8923
29 Oct 2024 — ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes. ServiceNow has addressed an input validation vulnerability that was identified in the ... • https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-39205 – Pyload Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-39205
28 Oct 2024 — CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. • https://packetstorm.news/files/id/182692 •