CVE Details
Basic Information
| Title | Redash getattr python.py run_query sandbox |
|---|---|
| Type | cve |
| Published | 2025-06-09T11:00:14.520Z |
| Last Seen | |
Product Information
| Vendor | n/a |
|---|---|
| Product | Redash |
| Version | 10.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical vulnerability in Redash up to versions 10.1.0 and 25.1.0 affects the run_query function, leading to a sandbox issue. The exploit is publicly known, and the vendor did not respond to disclosure. |
|---|---|
| AI Severity | High |
| Vendor | Redash |
| Product | Redash |
| Affected Version | 10.1.0, 25.1.0 |
Affected Products
- n/a Redash 10.0
- n/a Redash 10.1.0
- n/a Redash 25.0
- n/a Redash 25.1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-265, CWE-264 |
| Bulletin Family | |
Description
A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to a sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.