mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-04-07 11:38:16 +00:00
fb2323b3de
Some checks failed
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
Nightly Canary Release / Check for new commits (push) Has been cancelled
Nightly Canary Release / Build nightly packages (push) Has been cancelled
Nightly Canary Release / Publish nightly to PyPI (push) Has been cancelled
* [SECURITY] Fix sandbox escape vulnerability in CodeInterpreterTool (F-001) This commit addresses a critical security vulnerability where the CodeInterpreterTool could be exploited via sandbox escape attacks when Docker was unavailable. Changes: - Remove insecure fallback to restricted sandbox in run_code_safety() - Now fails closed with RuntimeError when Docker is unavailable - Mark run_code_in_restricted_sandbox() as deprecated and insecure - Add clear security warnings to SandboxPython class documentation - Update tests to reflect secure-by-default behavior - Add test demonstrating the sandbox escape vulnerability - Update README with security requirements and best practices The previous implementation would fall back to a Python-based 'restricted sandbox' when Docker was unavailable. However, this sandbox could be easily bypassed using Python object introspection to recover the original __import__ function, allowing arbitrary module access and command execution on the host. The fix enforces Docker as a requirement for safe code execution. Users who cannot use Docker must explicitly enable unsafe_mode=True, acknowledging the security risks. Security Impact: - Prevents RCE via sandbox escape when Docker is unavailable - Enforces fail-closed security model - Maintains backward compatibility via unsafe_mode flag References: - https://docs.crewai.com/tools/ai-ml/codeinterpretertool Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com> * Add security fix documentation for F-001 Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com> * Add Slack summary for security fix Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com> * Delete SECURITY_FIX_F001.md * Delete SLACK_SUMMARY.md * chore: regen cassettes * chore: regen more cassettes * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com> Co-authored-by: Greyson LaLonde <greyson@crewai.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>