GHSA-m8j6-rc5x-wv36MediumCVSS 5.2Disclosed before NVD

nono-py's policy JSON accepts unknown security fields

Published
June 26, 2026
Last Modified
June 26, 2026

📋 Description

Summary

nono-py policy handling could fail open in two ways. First, resolving a policy-derived ProxyConfig did not automatically enforce CapabilitySet.proxy_only, allowing sandboxed children to bypass a resolved domain allowlist by using direct network access. Second, policy JSON accepted unknown security-sensitive fields, so misspelled or unsupported restrictions could be silently ignored.

Impact

A sandboxed child may receive broader network access than the policy author intended. This can allow outbound requests outside the configured proxy allowlist and may expose sensitive data depending on the execution environment and workload.

Older-kernel note

On Linux kernels without Landlock ABI v4 network rules, patched versions continue to support proxy-only enforcement through the seccomp supervisor fallback introduced in 807fb4b. Users on older kernels should ensure policy-resolved proxy configurations are coupled to CapabilitySet.proxy_only(proxy); merely injecting proxy environment variables is not sufficient.

🎯 Affected products1

  • pip/nono-py:<= 0.10.0

🔗 References (4)