CVE-2024-47532: AttributeError Sandbox Leak

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | Python
greprules fetch cve-2024-47532-attributeerror-sandbox-leak --engine opengrep

Description

A wrapper class delegates attribute access using `getattr()` without handling `AttributeError`. In Python 3.10+, `AttributeError` instances include an `obj` attribute that contains the object being accessed. If the `getattr()` call is allowed to propagate an `AttributeError` from the wrapped object, untrusted code catching this exception can extract the wrap