Pymanager
Monthly
pymanager allows local attackers to shadow legitimate Python modules by placing malicious modules in the current working directory, leading to arbitrary code execution when the application imports standard library or third-party modules. The vulnerability affects pymanager due to insecure sys.path manipulation that includes the current working directory with high priority, enabling privilege escalation or information disclosure depending on the affected module and execution context. No public exploit code has been identified, but the local attack vector with low complexity makes this a practical risk in shared or untrusted execution environments.
pymanager allows local attackers to shadow legitimate Python modules by placing malicious modules in the current working directory, leading to arbitrary code execution when the application imports standard library or third-party modules. The vulnerability affects pymanager due to insecure sys.path manipulation that includes the current working directory with high priority, enabling privilege escalation or information disclosure depending on the affected module and execution context. No public exploit code has been identified, but the local attack vector with low complexity makes this a practical risk in shared or untrusted execution environments.