Vulnerability in Python that Allows Calling System Commands from Sandboxed Scripts

A method has been published for bypassing Python’s isolated (sandboxed) code execution systems. It relies on a long-known bug that appeared in Python 2.7, was identified in 2012, and is still not fixed in Python 3. The bug allows specially crafted Python code to trigger access to already freed memory (use-after-free). Initially, it was assumed that the bug posed no security threat and could lead to abnormal termination of a script only in very rare, usually artificially created, cases.