CVE-2023-37271

Name of the Vulnerable Software and Affected Versions RestrictedPython versions prior to 5.3 RestrictedPython versions prior to 6.1

Description The issue allows an attacker with access to a RestrictedPython environment to write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk, particularly those where administrators allow untrusted users to create or edit certain object types.

Recommendations For versions prior to 5.3, update to version 5.3 or later. For versions prior to 6.1, update to version 6.1 or later. If you cannot upgrade to the latest release, ensure the RestrictedPython environment is only available for trusted users.