mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-04-16 16:02:36 +00:00
CRITICAL SECURITY FIX
=====================

Vulnerability: Sandbox escape in CodeInterpreterTool fallback leads to host RCE

Impact:
- Removed bypassable Python sandbox that could be escaped via object introspection
- Attackers could previously execute arbitrary code on host when Docker unavailable

Changes:
- Removed SandboxPython class entirely (insecure by design)
- Removed run_code_in_restricted_sandbox() fallback method
- Implemented fail-safe behavior: raises RuntimeError when Docker unavailable
- Fixed command injection in unsafe_mode library installation (os.system -> subprocess)
- Enhanced security warnings and documentation

Security Model:
- Safe mode (default): Requires Docker, fails safely if unavailable
- Unsafe mode: Explicit opt-in, clear warnings, no protections

Breaking Change:
- Code execution now requires Docker or explicit unsafe_mode=True
- Previous silent fallback to vulnerable sandbox is removed

Testing:
- Updated all tests to reflect new fail-safe behavior
- Added tests for Docker unavailable scenarios
- Verified subprocess usage for library installation

Refs: F-001, SECURITY_FIX_F001.md
Docs: https://docs.crewai.com/en/tools/ai-ml/codeinterpretertool

Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com>
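The two behaviours the commit message describes, fail-safe execution when Docker is missing and argv-list installation instead of a shell string, are sketched below as an added example. This is not crewAI's code and does not reproduce its CodeInterpreterTool; the names CodeRunner, install_argv, install_libraries, is_safe_package_spec and legacy_shell_command are hypothetical, and the container image and flags used in the Docker path are assumptions chosen for illustration.

```python
"""Illustration (not crewAI's own code) of fail-safe code execution and
shell-free library installation, as described in the commit message."""
import re
import shutil
import subprocess
import sys

# Only plain package specifiers such as "requests" or "numpy==1.26.4" pass.
# Spaces, shell operators, quotes and path separators never match, so a
# specifier is validated before it reaches any installer at all.
_PACKAGE_SPEC = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(==[A-Za-z0-9.]+)?$")


def is_safe_package_spec(spec: str) -> bool:
    return _PACKAGE_SPEC.fullmatch(spec) is not None


def legacy_shell_command(libraries):
    """The pattern the commit removed: one shell string built by
    concatenation, the kind of input os.system() hands to /bin/sh.
    Returned rather than executed so the embedded operator stays visible."""
    return "pip install " + " ".join(libraries)


def install_argv(libraries):
    """Hardened form: validated specifiers, passed as separate argv entries.
    With a list and shell=False there is no shell to interpret metacharacters."""
    for lib in libraries:
        if not is_safe_package_spec(lib):
            raise ValueError(f"refusing to install suspicious package spec: {lib!r}")
    return [sys.executable, "-m", "pip", "install", *libraries]


def install_libraries(libraries, runner=subprocess.run):
    """`runner` is injectable (hypothetical) so the argv can be inspected in tests."""
    return runner(install_argv(libraries), check=True, shell=False)


class CodeRunner:
    """Hypothetical runner mirroring the commit's security model:
    safe mode needs Docker and raises RuntimeError without it; unsafe mode is
    an explicit opt-in that runs on the host with no protection."""

    # Assumed container settings: throwaway container, no network, slim image.
    DOCKER_IMAGE = "python:3.12-slim"

    def __init__(self, unsafe_mode=False, docker_available=None, runner=subprocess.run):
        self.unsafe_mode = unsafe_mode
        # Detection is overridable so the "Docker unavailable" path is testable.
        if docker_available is None:
            docker_available = shutil.which("docker") is not None
        self.docker_available = docker_available
        self._runner = runner

    def run(self, code: str) -> str:
        if self.unsafe_mode:
            # Explicit opt-in: host execution, no sandbox of any kind.
            argv = [sys.executable, "-c", code]
        elif self.docker_available:
            argv = ["docker", "run", "--rm", "--network", "none",
                    self.DOCKER_IMAGE, "python", "-c", code]
        else:
            # Fail closed: no silent fallback to an in-process "sandbox".
            raise RuntimeError(
                "Docker is required for sandboxed code execution; install Docker "
                "or set unsafe_mode=True to run on the host without protection")
        result = self._runner(argv, capture_output=True, text=True, check=False)
        return result.stdout


if __name__ == "__main__":
    print(install_argv(["requests", "numpy==1.26.4"]))
    try:
        CodeRunner(docker_available=False).run("print('hi')")
    except RuntimeError as exc:
        print("safe mode refused:", exc)
```

The difference between the two installer functions is the whole fix: `legacy_shell_command` produces a single string in which a shell would honour `&&`, `;` or backticks, while `install_argv` both rejects such specifiers and hands the rest to `subprocess` as discrete arguments with `shell=False`, so nothing is ever parsed by a shell.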