---

Vulnerability in Python that Allows Calling System Commands from Sandboxed Scripts

A method has been published for bypassing Python's isolated code execution systems. It relies on a long-known bug that appeared in Python 2.7, was identified in 2012, and is still not fixed in Python 3. The bug allows specially crafted Python code to trigger an access to already freed memory (use-after-free) in Python. Initially, the error was assumed not to pose a security threat and to lead to abnormal termination of the script only in very rare, usually artificially created, cases.
