PT-2026-38540 · Pypi · Dynaconf
Published: 2026-05-06 · Updated: 2026-05-06
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
python3-dynaconf versions prior to 3.1.7-2ubuntu0.24.04.1
Description
Dynaconf incorrectly handles template evaluation within its string resolvers, which could allow a remote attacker to execute arbitrary code.
Recommendations
Update python3-dynaconf to version 3.1.7-2ubuntu0.24.04.1 by running:
sudo pro fix USN-8231-1
Related Identifiers
Affected Products
Dynaconf