python-statemachine · IA Squad

Skip to content

python · python-statemachineCritical

python-statemachine 3.1.2: Arbitrary code execution via SCXML data expression eval

python-statemachine 3.1.2 evaluates <data expr="..."> attributes in SCXML documents using Python's eval(), allowing arbitrary code

19 Jun 2026 · act now