296,336
Total vulnerabilities in the database
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
| Software | From | Fixed in |
|---|---|---|
| wesnoth / wesnoth | 1.5.6 | 1.5.6.x |
| wesnoth / wesnoth | 1.4.6 | 1.4.6.x |
| wesnoth / wesnoth | 1.5.4 | 1.5.4.x |
| wesnoth / wesnoth | 1.5.10 | 1.5.10.x |
| wesnoth / wesnoth | 1.4.5 | 1.4.5.x |
| wesnoth / wesnoth | 1.5.3 | 1.5.3.x |
| wesnoth / wesnoth | 1.4.1 | 1.4.1.x |
| wesnoth / wesnoth | 1.5.7 | 1.5.7.x |
| wesnoth / wesnoth | 1.5.8 | 1.5.8.x |
| wesnoth / wesnoth | 1.5.9 | 1.5.9.x |
| wesnoth / wesnoth | 1.5.0 | 1.5.0.x |
| wesnoth / wesnoth | 1.5.5 | 1.5.5.x |
| wesnoth / wesnoth | 1.4 | 1.4.x |
| wesnoth / wesnoth | 1.5.1 | 1.5.1.x |
| wesnoth / wesnoth | 1.4.3 | 1.4.3.x |
| wesnoth / wesnoth | 1.4.2 | 1.4.2.x |
| wesnoth / wesnoth | 1.4.4 | 1.4.4.x |
| wesnoth / wesnoth | 1.4.7 | 1.4.7.x |
| wesnoth / wesnoth | 1.5.2 | 1.5.2.x |