mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-07-06 23:49:24 +00:00
1.7 KiB
1.7 KiB
Security Fix: CodeInterpreterTool Sandbox Escape (F-001)
🔒 Critical Security Vulnerability Fixed
Vulnerability: Sandbox escape in CodeInterpreterTool fallback leads to host RCE
Impact: Attackers could execute arbitrary commands on the host when Docker was unavailable
✅ What Was Fixed
- Removed insecure fallback: The tool now requires Docker for safe execution and fails closed when Docker is unavailable
- Security-first approach: Users must explicitly enable
unsafe_mode=Trueif they cannot use Docker - Clear warnings: Added comprehensive documentation about the security requirements
📋 Changes
- Modified:
code_interpreter_tool.py- Removed insecure fallback, added RuntimeError when Docker unavailable - Modified:
test_code_interpreter_tool.py- Updated tests, added sandbox escape demonstration - Modified:
README.md- Added security requirements and best practices - Added:
SECURITY_FIX_F001.md- Complete vulnerability analysis and fix documentation
🔗 Links
- Branch:
cursor/code-interpreter-sandbox-escape-c0a3 - Commits:
6ee0cacd7,31ab821bb - Files Changed: 4 files, +317/-42 lines
🎯 For Users
Before (Insecure)
tool = CodeInterpreterTool() # Would silently fall back to bypassable sandbox
After (Secure)
# Requires Docker (recommended)
tool = CodeInterpreterTool()
# OR explicitly acknowledge risk
tool = CodeInterpreterTool(unsafe_mode=True) # Only for trusted code!
📚 Documentation
See SECURITY_FIX_F001.md for complete details including:
- Vulnerability description
- Proof of concept
- Migration guide
- Testing approach
Ready for review and merge to protect users from this critical RCE vulnerability.