{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T07:26:28.435","vulnerabilities":[{"cve":{"id":"CVE-2025-24359","sourceIdentifier":"security-advisories@github.com","published":"2025-01-24T17:15:16.197","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is rooted in how `asteval` performs handling of `FormattedValue` AST nodes. In particular, the `on_formattedvalue` value uses the dangerous format method of the str class. The code allows an attacker to manipulate the value of the string used in the dangerous call `fmt.format(__fstring__=val)`. This vulnerability can be exploited to access protected attributes by intentionally triggering an `AttributeError` exception. The attacker can then catch the exception and use its `obj` attribute to gain arbitrary access to sensitive or protected object properties. Version 1.0.6 fixes this issue."},{"lang":"es","value":"ASTEVAL es un evaluador de expresiones y declaraciones de Python. Antes de la versión 1.0.6, si un atacante podía controlar la entrada de `asteval` librería, podía eludir las restricciones de asteval y ejecutar código Python arbitrario en el contexto de la aplicación utilizando tlibreríaary. La vulnerabilidad tiene su raíz en la forma en que `asteval` realiza el manejo de los nodos AST `FormattedValue`. En particular, el valor `on_formattedvalue` utiliza el método de formato peligroso de la clase str. El código permite a un atacante manipular el valor de la cadena utilizada en la llamada peligrosa `fmt.format(__fstring__=val)`. Esta vulnerabilidad se puede explotar para acceder a atributos protegidos activando intencionalmente una excepción `AttributeError`. El atacante puede entonces capturar la excepción y utilizar su atributo `obj` para obtener acceso arbitrario a propiedades de objetos confidenciales o protegidas. La versión 1.0.6 corrige este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-134"},{"lang":"en","value":"CWE-749"}]}],"references":[{"url":"https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507","source":"security-advisories@github.com"},{"url":"https://github.com/lmfit/asteval/security/advisories/GHSA-3wwr-3g9f-9gc7","source":"security-advisories@github.com"},{"url":"https://lucumr.pocoo.org/2016/12/29/careful-with-str-format","source":"security-advisories@github.com"}]}}]}