11 matches found

RedhatCVE
added 2026/02/08 1:21 a.m., 3 views

CVE-2026-25632

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer my_load_from_json that supports a type field...

CVSS 10, AI score 5.6, EPSS 0.00082
Exploits 0, References 1

NVD
added 2026/02/06 9:16 p.m., 2 views

CVE-2026-25632

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer my_load_from_json that supports a type field...

CVSS 10, EPSS 0.00082
Exploits 0, References 3

CVE
added 2026/02/06 8:24 p.m., 9 views

CVE-2026-25632

EPyT-Flow (Python) prior to version 0.16.1 is affected by a deserialization vulnerability in its REST API. The issue stems from a custom deserializer (my_load_from_json) that honors a type field, allowing attacker-supplied module/class imports and instantiation during JSON parsing, which can trig...

CVSS 10, AI score 5.7, EPSS 0.00082
Exploits 0, References 3, Affected Software 1

OSV
added 2026/02/06 8:24 p.m., 3 views

CVE-2026-25632 EPyT-Flow has unsafe JSON deserialization (__type__)

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer my_load_from_json that supports a type field...

CVSS 10, AI score 5.7, EPSS 0.00082
Exploits 0, References 5

Vulnrichment
added 2026/02/06 8:24 p.m., 4 views

CVE-2026-25632 EPyT-Flow has unsafe JSON deserialization (__type__)

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer my_load_from_json that supports a type field...

CVSS 10, AI score 5.7, EPSS 0.00082
Exploits 0, References 3

ATTACKERKB
added 2026/02/06 8:24 p.m., 3 views

CVE-2026-25632

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer my_load_from_json that supports a type field...

CVSS 10, AI score 5.7, EPSS 0.00082
Exploits 0, References 4, Affected Software 1

EUVD
added 2026/02/06 8:24 p.m., 2 views

EUVD-2026-5576

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer my_load_from_json that supports a type field...

CVSS 10, AI score 5.6, EPSS 0.00082
Exploits 0, References 3

CNNVD
added 2026/02/06 12:00 a.m., 2 views

EPyT-Flow Code Issue Vulnerability

EPyT-Flow is an open-source Python package developed by ERC Synergy Grant Water Futures, designed for generating hydraulic and water quality scenario data for water distribution networks. Versions of EPyT-Flow prior to 0.16.1 contained code vulnerabilities. These vulnerabilities stemmed from the...

CVSS 10, AI score 6, EPSS 0.00082
Exploits 0, References 4

Snyk
added 2026/02/04 8:34 p.m., 2 views

Deserialization of Untrusted Data

Overview: epyt-flow is an EPyT-Flow -- EPANET Python Toolkit - Flow. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the type parameter in my_load_from_json. An attacker can execute arbitrary code by supplying a malicious JSON body containing a type field that...

CVSS 10, AI score 6.1, EPSS 0.00082
Exploits 0, References 2

OSV
added 2026/02/04 8:34 p.m., 1 views

GHSA-74VM-8FRP-7W68 EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)

Impact: EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer my_load_from_json that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. Thi...

CVSS 10, AI score 5.6, EPSS 0.00082
Exploits 0, References 5

Positive Technologies
added 2026/02/04 12:00 a.m., 3 views

PT-2026-6657

Name of the Vulnerable Software and Affected Versions: EPyT-Flow versions prior to 0.16.1. Description: EPyT-Flow is a Python package used for generating hydraulic and water quality scenario data for water distribution networks. The REST API parses attacker-controlled JSON request bodies using a...

CVSS 10, AI score 5.9, EPSS 0.00082
Exploits 0, References 14