Lucene search
K

8 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-503 pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer

Description In the FlightServer class of the pyquokka framework, the doaction method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...

9.8CVSS6.6AI score0.00761EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/10/20 6:23 p.m.6 views

CVE-2025-62515

pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation in the doaction method. The vulnerable code is locate...

9.8CVSS7.9AI score0.00761EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/10/20 1:44 p.m.273 views

Exploit for CVE-2025-62515

pyquokka-rce-poc !GitHub starshttps://img.shields.io/gith...

9.8CVSS8.6AI score0.00761EPSS
Exploits1
NVD
NVD
added 2025/10/17 9:15 p.m.16 views

CVE-2025-62515

pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation in the doaction method. The vulnerable code is locate...

9.8CVSS0.00761EPSS
Exploits1References1
OSV
OSV
added 2025/10/17 8:38 p.m.6 views

CVE-2025-62515 Remote Code Execution by Pickle Deserialization via FlightServer in pyquokka

pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation in the doaction method. The vulnerable code is locate...

9.8CVSS8.2AI score0.00761EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/17 8:38 p.m.9 views

CVE-2025-62515 Remote Code Execution by Pickle Deserialization via FlightServer in pyquokka

pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation in the doaction method. The vulnerable code is locate...

9.8CVSS0.00761EPSS
Exploits1References1
CVE
CVE
added 2025/10/17 8:38 p.m.16 views

CVE-2025-62515

CVE-2025-62515 affects pyquokka ≤ 0.3.1. The FlightServer’s do_action() deserializes untrusted data with Python’s unsafe pickle.loads(), specifically in pyquokka/flight.py around line 283, enabling arbitrary remote code execution when the server is exposed (e.g., binding to 0.0.0.0) and handling ...

9.8CVSS7.8AI score0.00761EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/17 6:8 p.m.5 views

EUVD-2025-34900

pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer...

9.8CVSS6.8AI score0.00761EPSS
Exploits1References4
Rows per page
Query Builder