12 matches found
CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
DEBIAN-CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
Deserialization of untrusted data
DISPUTED Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for...
CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...
CVE-2021-35196
Manuskript ≤ 0.12.0 is affected by insecure deserialization via pickle.load() in settings.py, enabling remote code execution through a crafted settings.pickle inside a project file. The vendor notes the product is not intended for untrusted project files. Exploitation details, affected components...
PT-2021-4272 · Unknown +1 · Manuskript +1
Name of the Vulnerable Software and Affected Versions: Manuskript versions 0.12.0 and earlier Description: The issue is related to insecure deserialization via the pickle.load function in settings.py, allowing remote attackers to execute arbitrary code by crafting a settings.pickle file in a...
Manuskript 代码问题漏洞
Manuskript is an open source writing tool. A code issue vulnerability exists in Manuskript version 0.12.0 and prior versions that allows remote attackers to execute arbitrary code...