{"id":"UBUNTU-CVE-2024-47532","details":"RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensitive) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise not make it available in the restricted execution environment.","modified":"2026-02-04T03:20:36.072090Z","published":"2024-09-30T16:15:00Z","related":["USN-7355-1"],"upstream":["CVE-2024-47532"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-47532"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-47532"},{"type":"REPORT","url":"https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h"},{"type":"REPORT","url":"https://github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7355-1"}],"affected":[{"package":{"name":"restrictedpython","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/restrictedpython@4.0~b3-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0~b3-2ubuntu0.1~esm1"}]}],"versions":["4.0~b3-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"4.0~b3-2ubuntu0.1~esm1","binary_name":"python3-restrictedpython"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-47532.json"}},{"package":{"name":"restrictedpython","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/restrictedpython@4.0~b3-3ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0~b3-3ubuntu0.1~esm1"}]}],"versions":["4.0~b3-2","4.0~b3-2ubuntu1","4.0~b3-3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"4.0~b3-3ubuntu0.1~esm1","binary_name":"python3-restrictedpython"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-47532.json"}},{"package":{"name":"restrictedpython","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/restrictedpython@6.2-1ubuntu0.24.04.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.2-1ubuntu0.24.04.1~esm1"}]}],"versions":["4.0~b3-3","6.2-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"6.2-1ubuntu0.24.04.1~esm1","binary_name":"python3-restrictedpython"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-47532.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}