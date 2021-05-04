Vigil@nce - Python: audit bypass via exceptions

May 2021 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/computer-vulne...

SYNTHESIS OF THE VULNERABILITY

Impacted products: Python.

Severity: 1/4.

Consequences: disguisement.

Provenance: user shell.

Confidence: confirmed by the editor (5/5).

Creation date: 04/05/2021.

DESCRIPTION OF THE VULNERABILITY

An attacker can raise exception to run code without triggering audit calls, in order to bypass possible access control checks or logging.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/...