PyPI · RestrictedPython · CVE-2023-54345
**Name of the Vulnerable Software and Affected Versions**
Frappe Framework ERPNext version 13.4.0
**Description**
A sandbox escape in RestrictedPython allows authenticated users with the System Manager role to execute arbitrary code through frame introspection. An attacker can create a server script using the `/app/server-script` endpoint and access the `gi_frame` attribute to traverse the call stack and invoke `os.popen()` to execute system commands.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
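One way to screen server scripts for the frame-introspection attributes described above before they are saved, as an added example (not code from Frappe or RestrictedPython). The attribute list, function names and sample scripts are assumptions constructed for illustration.

```python
import ast

# Attributes that expose interpreter frames or code objects from generators,
# coroutines, async generators, frames and tracebacks (assumed blocklist).
INTROSPECTION_ATTRS = frozenset({
    "gi_frame", "gi_code", "gi_yieldfrom",
    "cr_frame", "cr_code", "cr_await",
    "ag_frame", "ag_code",
    "f_back", "f_globals", "f_locals", "f_builtins", "f_code",
    "tb_frame", "tb_next",
})

def find_frame_introspection(source):
    """Return sorted (line, name) pairs for each introspection attribute used."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr in INTROSPECTION_ATTRS:
            hits.add((node.lineno, node.attr))
        # String literals catch getattr(obj, "gi_frame") style lookups.
        elif (isinstance(node, ast.Constant) and isinstance(node.value, str)
              and node.value in INTROSPECTION_ATTRS):
            hits.add((node.lineno, node.value))
    return sorted(hits)

def review(source):
    """Decide whether a script may be saved; findings explain a rejection."""
    hits = find_frame_introspection(source)
    return {"allowed": not hits, "findings": hits}

# Constructed sample scripts (not taken from any real system).
SUSPICIOUS_SCRIPT = '''\
g = (x for x in [1])
frame = g.gi_frame
caller = frame.f_back
alt = getattr(g, "gi_frame")
'''
CLEAN_SCRIPT = '''\
total = sum(x for x in [1, 2, 3])
'''

if __name__ == "__main__":
    print(review(SUSPICIOUS_SCRIPT))
    print(review(CLEAN_SCRIPT))
```

A static scan like this does not catch attribute names assembled at runtime (for example by string concatenation), so it works as a review and alerting aid alongside restricting who holds the System Manager role, not as a replacement for a fixed sandbox.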