Restricted Python injection

Crafted URL allows arbitrary (sandboxed) Python to be run

The danger here is quite low: it does not allow the user to elevate her privileges; it merely allows excessively expensive operations to be performed. In conjunction with other attacks, it could be used to extract or modify privileged information.

Information for security researchers

CVE Identifier: CVE-2012-5495
Impact Subscore: 2.9
Exploitability Subscore: 10
Overall CVSS Score: 3.7
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C)
CWE: CWE-95
