SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox
If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples (found by @ByamB4): Any module where non-underscore attribute chains reach os or sys: os.path, pathlib, shutil, glob (direct .os / .sys attributes) statistics (has .sys) numpy (has .ctypeslib.os and .f2py.sys) …