Rewrite the
Missing authentication on dangerous API endpoint
The flaw is rather straightforward and stems from the fact that one API endpoint called /api/v1/validate/code had missing authentication checks and passed code to the Python exec function. However, it didn’t run exec directly on functions, but on function definitions, which make functions available for execution but don’t execute their code.
Because of this, the Horizon3.ai researchers had to come up with an alternative exploitation method leveraging a Python feature called decorators, which “are functions that return functions that wrap other functions.”
The proof-of-concept published by Horizon3.ai on April 9 leverages decorators to achieve remote code execution, but the researchers note that a third-party researcher also achieved the same by abusing another feature of Python functions called default arguments.
in well organized HTML format with all tags properly closed. Create appropriate headings and subheadings to organize the content. Ensure the rewritten content is approximately 1500 words. Do not include the title and images. please do not add any introductory text in start and any Note in the end explaining about what you have done or how you done it .i am directly publishing the output as article so please only give me rewritten content. At the end of the content, include a “Conclusion” section and a well-formatted “FAQs” section.
