17 matches found
SUSE CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
apna-experiment-sdk (>=0.1.0 <=0.4.10), askui (>=0.22.12 <=0.34.0) +39 more potentially affected by CVE-2026-31072 via apscheduler (>=4.0.0a2 <=4.0.0a6)
apscheduler PYPI version =4.0.0a2, =0.1.0, =0.22.12, =1.0.1, =3.8.0, =1.3.0, =3.0.0a0, =0.1.5, =2.0.5, =0.15.1, =0.0.3, =0.1.0rc0, =2.0.0, =8.4.0, =8.7.0 and more Source cves: CVE-2026-31072 Source advisory: SNYK:PYTHON-APSCHEDULER-16787181...
Deserialization of Untrusted Data
Overview APScheduler is an In-process task scheduler with Cron-like capabilities Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unmarshalobject function in the JSONSerializer and CBORSerializerserializers. An attacker can exploit this by submitting a...
apna-experiment-sdk (>=0.1.0 <=0.4.10), askui (>=0.22.12 <=0.34.0) +39 more potentially affected by CVE-2026-31072 via apscheduler (>=4.0.0a2 <=4.0.0a6)
apscheduler PYPI version =4.0.0a2, =0.1.0, =0.22.12, =1.0.1, =3.8.0, =1.3.0, =3.0.0a0, =0.1.5, =2.0.5, =0.15.1, =0.0.3, =0.1.0rc0, =2.0.0, =8.4.0, =8.7.0 and more Source cves: CVE-2026-31072 Source advisory: OSV:GHSA-9CFW-F3F9-7MM7...
GHSA-9CFW-F3F9-7MM7 APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
A flaw was found in APScheduler, affecting its JSONSerializer and CBORSerializer components. This vulnerability, known as insecure deserialization, allows a remote attacker to execute arbitrary code on the system. By sending a specially crafted data payload, an attacker can manipulate the...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
DEBIAN-CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
UBUNTU-CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
apscheduler 安全漏洞
apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...
PT-2026-41945
Name of the Vulnerable Software and Affected Versions APScheduler affected versions not specified Description The JSONSerializer and CBORSerializer are subject to Remote Code Execution RCE through insecure deserialization. The unmarshal object function enables arbitrary class instantiation and...
CVE-2026-31072
The vulnerability CVE-2026-31072 affects APScheduler’s JSONSerializer and CBORSerializer across all versions (including 3.10.x and 4.0.0a5). The root cause is insecure deserialization: the unmarshal_object function can instantiate arbitrary classes and inject state by dynamically importing module...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...