Lucene search
PRIOn knowledge basePRION:CVE-2019-12760HistoryJun 06, 2019 - 7:29 p.m.
Deserialization of untrusted data
2019-06-0619:29:00
PRIOn knowledge base
www.prio-n.com
3
0.001 Low
EPSS
Percentile
48.2%
DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because “the cache directory is not under control of the attacker in any common configuration.”
Related
osv
osv
PYSEC-2019-109
2019-06-06 19:29:00
veracode
veracode
Arbitrary Code Execution
2019-06-07 08:11:52
github
github
Deserialization vulnerability exists in parso
2019-06-13 16:12:57
ubuntucve
ubuntucve
CVE-2019-12760
2019-06-06 00:00:00
cvelist
cvelist
CVE-2019-12760
2019-06-06 18:55:03
vulnrichment
vulnrichment
CVE-2019-12760
2019-06-06 18:55:03
nvd
nvd
CVE-2019-12760
2019-06-06 19:29:00
debiancve
debiancve
CVE-2019-12760
2019-06-06 19:29:00
cve
cve
CVE-2019-12760
2019-06-06 19:29:00