The Python AI module in Wesnoth 1.4.x and 1.5 prior to 1.5.11 allows remote malicious users to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wesnoth wesnoth 1.4 |
||
wesnoth wesnoth 1.4.7 |
||
wesnoth wesnoth 1.5.0 |
||
wesnoth wesnoth 1.5.1 |
||
wesnoth wesnoth 1.5.8 |
||
wesnoth wesnoth 1.5.9 |
||
wesnoth wesnoth 1.4.6 |
||
wesnoth wesnoth 1.4.5 |
||
wesnoth wesnoth 1.5.2 |
||
wesnoth wesnoth 1.5.3 |
||
wesnoth wesnoth 1.5.10 |
||
wesnoth wesnoth 1.4.4 |
||
wesnoth wesnoth 1.4.3 |
||
wesnoth wesnoth 1.5.4 |
||
wesnoth wesnoth 1.5.5 |
||
wesnoth wesnoth 1.4.2 |
||
wesnoth wesnoth 1.4.1 |
||
wesnoth wesnoth 1.5.6 |
||
wesnoth wesnoth 1.5.7 |