Did you know ... Search Documentation:
Security Vulnerability in Pengines
0 upvotes 0 0 downvotes
Picture of user Anne Ogborn.

This weekend Vladislav Zorov reported a vulnerability in pengine sandboxing.

This vulnerability allows any user who can create a pengine to execute unconstrained prolog code, including process_create.

The vulnerability can be triggered simply by loading pengines.

This vulnerability was patched with commit

https://github.com/SWI-Prolog/swipl-devel/commit/a22442fc82fd468f02abb7a19958bb3007dc585b

We recommend all pengines users upgrade to this release or later.

Big thanks to Vladislav.

Back to fresh news items