EUVD-2025-199646

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...

backtest-reg (>=0.1.0 <=0.5.0), datacompy (>=0.10.0 <=0.14.4) +7 more potentially affected by CVE-2025-62703 via fugue (>=0.5.0.dev1 <=0.9.1)

fugue PYPI version =0.5.0.dev1, =0.1.0, =0.10.0, =0.1.7, =0.0.4, =0.5.0, =0.1.1, =0.1.2.dev3 Source cves: CVE-2025-62703 Source advisory: OSV:GHSA-XV5P-FJW5-VRJ6...

backtest-reg (>=0.1.0 <=0.5.0), datacompy (>=0.10.0 <=0.14.4) +7 more potentially affected by CVE-2025-62703 via fugue (>=0.5.0.dev1 <=0.9.1)

fugue PYPI version =0.5.0.dev1, =0.1.0, =0.10.0, =0.1.7, =0.0.4, =0.5.0, =0.1.1, =0.1.2.dev3 Source cves: CVE-2025-62703 Source advisory: SNYK:PYTHON-FUGUE-14121794...

fugue 代码问题漏洞

fugue is an open source unified interface for distributed computing by The Fugue Project. A code issue vulnerability exists in fugue 0.9.2 and earlier versions, which stems from FlaskRPCServer remote code execution via pickle deserialization...