RestrictedPython information leakage via `AttributeError.obj` and the `string` module
Description
RestrictedPython 7.2 and earlier allow information disclosure via AttributeError.obj and the string module to bypass access controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
RestrictedPython is a restricted execution environment that compiles Python code to prevent access to dangerous operations. In versions prior to 7.3, untrusted code can gain access to protected and potentially sensitive information indirectly via AttributeError.obj and the string module [1][4]. The root cause lies in the wrapper RestrictedPython places around the string module: utility_builtins['string'] is not the module itself but an `_AttributeDelegator` that forwards attribute lookups to the real module and refuses the ones it considers unsafe (`Formatter`). When a lookup fails on the real module, the resulting AttributeError was propagated unchanged, and on Python 3.10 and later such an exception carries an `obj` attribute naming the object on which the lookup failed, in this case the unrestricted string module rather than the wrapper.
Exploitation
An attacker who can run untrusted code inside a RestrictedPython sandbox that exposes `string` from `utility_builtins` reads a non-existent attribute of the wrapped module, catches the resulting AttributeError, and reads `obj` from the exception. The value is the real, unrestricted `string` module, so the attacker now holds a reference the wrapper was meant to hide, including the `Formatter` class the wrapper refuses to hand out because it is not considered safe [4]. No authentication or special privileges are needed; the preconditions are the ability to execute code in the sandbox and an interpreter that populates `AttributeError.obj` (Python 3.10 or later).
Impact
Successful exploitation hands the attacker the unrestricted string module object, including the attributes the wrapper deliberately withholds, and with it a path to confidential data, internal application state, or other sensitive information that the restricted environment was intended to protect [1][4].
Mitigation
The vulnerability is fixed in RestrictedPython version 7.3 [1][4]. As a workaround, if the application does not require the string module inside the sandbox, remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted globals, which removes the leak path entirely [1][4].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| RestrictedPython (PyPI) | < 7.3 | 7.3 |
Affected products
- Range: < 7.3
Patches
2dc6c38f4da03 Preparing release 7.3
2 files changed · +2 −2
CHANGES.rst+1 −1 modified@@ -1,7 +1,7 @@ Changes ======= -7.3 (unreleased) +7.3 (2024-09-30) ---------------- - Increase the safety level of ``safer_getattr`` allowing applications to use
setup.py+1 −1 modified@@ -30,7 +30,7 @@ def read(*rnames): ] setup(name='RestrictedPython', - version='7.3.dev0', + version='7.3', url='https://github.com/zopefoundation/RestrictedPython', license='ZPL 2.1', description=(
d701cc36ccca Merge commit from fork
3 files changed · +18 −3
CHANGES.rst+2 −0 modified@@ -10,6 +10,8 @@ Changes it as ``getattr`` implementation. Such use should now follow the same policy and give the same level of protection as direct attribute access in an environment based on ``RestrictedPython``'s ``safe_builtints``. +- Prevent information leakage via ``AttributeError.obj`` + and the ``string`` module. 7.2 (2024-08-02)
src/RestrictedPython/Utilities.py+5 −1 modified@@ -29,7 +29,11 @@ def __getattr__(self, attr): if attr in self.__excludes: raise NotImplementedError( f"{self.__mod.__name__}.{attr} is not safe") - return getattr(self.__mod, attr) + try: + return getattr(self.__mod, attr) + except AttributeError as e: + e.obj = self + raise utility_builtins['string'] = _AttributeDelegator(string, "Formatter")
tests/builtins/test_utilities.py+11 −2 modified@@ -7,8 +7,17 @@ def test_string_in_utility_builtins(): from RestrictedPython.Utilities import utility_builtins # we no longer provide access to ``string`` itself, only to - # a restricted view of it - assert utility_builtins['string'].__name__ == string.__name__ + # a restricted view of it (``rstring``) + rstring = utility_builtins['string'] + assert rstring.__name__ == string.__name__ + + # ensure it does not provide access to ``string`` via + # ``AttributeError.obj`` + try: + rstring.unexisting_attribute + except AttributeError as e: + assert e.obj is rstring + def test_math_in_utility_builtins():
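Review bot: in the `src/RestrictedPython/Utilities.py` hunk, the `except AttributeError as e:` branch overwrites `e.obj` with no comment explaining why; a one-line note that the interpreter fills `obj` with the wrapped module (`self.__mod`) when `getattr` fails, that it is deliberately replaced by the wrapper rather than the exception being swallowed, and that the bare `raise` is kept so the original message and traceback survive, would save the next maintainer from "simplifying" it back to the leaking form. The `__excludes` path above it raises `NotImplementedError` and attaches no object, so it needs no equivalent treatment.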
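Review bot: the new check in `test_string_in_utility_builtins` passes silently if `rstring.unexisting_attribute` stops raising, because the only assertion sits inside the `except AttributeError` branch; a future regression that returns a value instead of raising would go unnoticed. Wrap the access in `with pytest.raises(AttributeError) as excinfo:` and assert `excinfo.value.obj is rstring` after the block, so both the exception and its `obj` are checked.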
Vulnerability mechanics
Root cause
"The `_AttributeDelegator.__getattr__` method does not override the `obj` attribute of the `AttributeError` exception, leaking the unrestricted module reference."
Attack vector
An attacker who can execute restricted Python code can reach the `string` wrapper through `RestrictedPython.Utilities.utility_builtins`. Reading a non-existent attribute on it (e.g., `string.unexisting_attribute`) raises an `AttributeError` whose `obj` attribute, populated by the interpreter on Python 3.10 and later, points to the underlying unrestricted `string` module rather than to the wrapper [CWE-200]. That hands the attacker the real module object, including attributes such as `Formatter` that the wrapper deliberately refuses, and with it information the restricted environment was designed to hide.
Affected code
The vulnerability resides in `src/RestrictedPython/Utilities.py` within the `_AttributeDelegator.__getattr__` method. When an attribute access fails on the wrapped module, the original `AttributeError` is raised with `e.obj` pointing to the underlying unrestricted module object (`self.__mod`), leaking the real module reference. The `string` module is exposed through `utility_builtins['string']` as an `_AttributeDelegator` instance.
What the fix does
The patch in [patch_id=1710246] modifies the `_AttributeDelegator.__getattr__` method in `Utilities.py` to catch `AttributeError` exceptions raised by `getattr(self.__mod, attr)`. When caught, it sets `e.obj = self` (the delegator wrapper) before re-raising, so the exception's `obj` attribute no longer leaks the underlying unrestricted module. The test in `tests/builtins/test_utilities.py` verifies this behavior by asserting that `e.obj` is the restricted wrapper (`rstring`) rather than the real `string` module.
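The leak and the fix side by side, as an added example that is not RestrictedPython's own code. It serves both the Exploitation section above and this fix description: the two delegator classes are reconstructed from the `-` and `+` lines of the `Utilities.py` hunk (class names `VulnerableDelegator` and `FixedDelegator` are this example's own), and `leak_real_module`, `leaks_unrestricted_module` and `formatter_reachable` are hypothetical helpers, the last two being the check a deployer can run against whatever object their sandbox exposes as `string`. It runs in plain Python rather than inside the sandbox, so it shows the wrapper's behaviour, not RestrictedPython's attribute guards. The leak only occurs on Python 3.10 or later, where `AttributeError` gained its `obj` attribute.

```python
import string
import sys

# AttributeError gained its ``name``/``obj`` attributes in Python 3.10; on
# older interpreters there is nothing to leak (CPython fact, not from the
# advisory).
AFFECTED_INTERPRETER = sys.version_info >= (3, 10)


class VulnerableDelegator:
    """Pre-7.3 shape of ``_AttributeDelegator``, reconstructed from the '-'
    line of the fix diff: the AttributeError raised by the real module is
    propagated untouched, so its ``obj`` is the unrestricted module."""

    def __init__(self, mod, *excludes):
        self.__mod = mod
        self.__excludes = excludes

    def __getattr__(self, attr):
        if attr in self.__excludes:
            raise NotImplementedError(f"{self.__mod.__name__}.{attr} is not safe")
        return getattr(self.__mod, attr)


class FixedDelegator(VulnerableDelegator):
    """7.3 shape: same delegation, but ``obj`` is pointed back at the wrapper
    before the exception is re-raised (bare ``raise`` keeps the message)."""

    def __getattr__(self, attr):
        try:
            return super().__getattr__(attr)
        except AttributeError as e:
            e.obj = self
            raise


def leak_real_module(sandboxed_string):
    """What untrusted code does: provoke an AttributeError on the wrapper and
    read the failing object back out of the exception."""
    try:
        getattr(sandboxed_string, "no_such_attribute")
    except AttributeError as e:
        # getattr() rather than e.obj so the probe also runs before 3.10,
        # where the attribute is absent and nothing leaks.
        return getattr(e, "obj", None)
    return None


def leaks_unrestricted_module(sandboxed_string, real_module=string):
    """Deployer-side check: does the object exposed as ``string`` hand back
    the real module through AttributeError.obj (the CVE-2024-47532 case)?"""
    return leak_real_module(sandboxed_string) is real_module


def formatter_reachable(obj):
    """True if ``Formatter``, the attribute the wrapper refuses as unsafe,
    can be read from ``obj``; reaching it means the restriction is bypassed."""
    try:
        return getattr(obj, "Formatter") is string.Formatter
    except (NotImplementedError, AttributeError):
        return False


# Constructed instances mirroring utility_builtins['string'] before/after 7.3.
VULNERABLE = VulnerableDelegator(string, "Formatter")
FIXED = FixedDelegator(string, "Formatter")


if __name__ == "__main__":
    for name, wrapper in (("pre-7.3", VULNERABLE), ("7.3", FIXED)):
        leaked = leak_real_module(wrapper)
        print(f"{name}: leaks real module={leaks_unrestricted_module(wrapper)}, "
              f"Formatter reachable via leak={formatter_reachable(leaked)}, "
              f"normal delegation ok={wrapper.ascii_letters == string.ascii_letters}")
```

Both wrappers refuse `Formatter` directly; the difference is only what the caught exception carries. Pointing `leaks_unrestricted_module` at the object your own sandbox exposes as `string` is a quick way to confirm a deployment is on the fixed behaviour, or that the workaround of dropping `string` from `utility_builtins` took effect.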
Preconditions
- input: The attacker must be able to execute arbitrary Python code within a RestrictedPython environment that includes the 'string' module in utility_builtins.
- config: The application must not have removed the 'string' module from utility_builtins as a workaround.
Generated on May 23, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-5rfv-66g4-jr8h (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-47532 (GHSA, advisory)
- github.com/pypa/advisory-database/tree/main/vulns/restrictedpython/PYSEC-2024-186.yaml (GHSA, web)
- github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6 (GHSA, x_refsource_MISC, web)
- github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h (GHSA, x_refsource_CONFIRM, web)