CVE-2023-41039
CVSS 3.1 Score 7.7 of 10 (high)
Details
Summary
CVE-2023-41039 is a critical information disclosure vulnerability affecting RestrictedPython, a restricted execution environment for Python. The issue lies in Python's "format" functionality, which can be exploited to access objects with recursive attribute lookup and subscription. This can lead to the disclosure of sensitive information. All versions of RestrictedPython are reportedly vulnerable, and there are no known workarounds. The vulnerability has been addressed in commit 4134aedcff1, which has been included in the 5.4 and 6.2 releases. It is strongly recommended that users upgrade to these versions to mitigate the risk.
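As an added illustration of the mitigation idea only (this is not RestrictedPython's own safe_format code and not code from this advisory), the block below subclasses string.Formatter so that plain positional and keyword placeholders still work while any attribute or subscript traversal inside a replacement field is refused. RestrictedFormatter, safe_format, is_blocked and the Account class are names assumed for this example.

```python
import string
from typing import Any


class RestrictedFormatter(string.Formatter):
    """Drop-in replacement for str.format that refuses "{0.attr}" and
    "{0[key]}" style fields. Hypothetical example of the guard idea,
    not RestrictedPython's implementation."""

    def get_field(self, field_name: str, args: Any, kwargs: Any):
        # string.Formatter resolves dotted/indexed paths here, so this is
        # the single choke point: reject any path component outright.
        if "." in field_name or "[" in field_name:
            raise ValueError(f"attribute/subscript access not allowed: {field_name!r}")
        return super().get_field(field_name, args, kwargs)


def safe_format(template: str, *args: Any, **kwargs: Any) -> str:
    """Format `template` with the restricted formatter.

    Nested fields in a format spec (e.g. "{0:{1}}") also pass through
    get_field, so they are guarded as well."""
    return RestrictedFormatter().format(template, *args, **kwargs)


def is_blocked(template: str, *args: Any, **kwargs: Any) -> bool:
    """True if the restricted formatter refuses `template`."""
    try:
        safe_format(template, *args, **kwargs)
    except ValueError:
        return True
    return False


class Account:
    """Constructed sample object holding a value that a template must
    not be able to pull out through attribute lookup."""

    def __init__(self, name: str, secret: str) -> None:
        self.name = name
        self.secret = secret


if __name__ == "__main__":
    acct = Account("alice", "constructed-secret")
    print(safe_format("hello {0}", acct.name))            # plain field: allowed
    print(safe_format("{user} has {n:>3} items", user="bob", n=5))
    print(is_blocked("{0.secret}", acct))                 # attribute path: True
    print(is_blocked("{0[secret]}", {"secret": "x"}))     # subscript path: True
```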
Affected Vendors
- Zope