CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.3%
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote
attackers to escape the sandbox and execute arbitrary code by using a
whitelisted module that imports an unsafe module, then using a hierarchical
module name to access the unsafe module through the whitelisted module.