GHSA-XV5P-FJW5-VRJ6 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Summary: The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...
PT-2025-48089
Name of the Vulnerable Software and Affected Versions: Fugue versions 0.9.2 and earlier
Description: Fugue is a unified interface for distributed computing. A remote code execution issue exists due to insecure deserialization of data using cloudpickle.loads within the decode function in...