37 matches found
PYSEC-2023-238
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files...
GHSA-X563-6HQV-26MR Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Impact Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability on...
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Impact Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability on...
Deserialization Of Untrusted Data
pyarrow is vulnerable to Deserialization Of Untrusted Data. The vulnerability due to the Arrow IPC, Feather or Parquet data from untrusted sources as the library does not by default disable the PyExtensionType autoloading. This allows an attacker to create PyArrow-specific extension types which...
GHSA-5WVP-7F3H-6WMM PyArrow: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
a2ml (>=0.3.1 <=0.5.3), abi-ds-utils (=1.2.4) +763 more potentially affected by CVE-2023-47248 via pyarrow (>=0.14.0 <=14.0.0)
pyarrow PYPI version =0.14.0, =0.3.1, =2.0.4, =0.0.1a1, =0.1.0, =0.1.0, =0.1.7, =0.0.2, =80.4.6, =80.8.5 - alectio-sdk =0.6.8 and more Source cves: CVE-2023-47248 Source advisory: OSV:GHSA-5WVP-7F3H-6WMM...
PyArrow: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
CVE-2023-47248
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
CVE-2023-47248
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
Deserialization of untrusted data
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
CVE-2023-47248
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
CVE-2023-47248
CVE-2023-47248 affects PyArrow IPC/Parquet readers (versions 0.14.0–14.0.0); unsafe deserialization allows arbitrary code execution when processing untrusted Arrow IPC/Feather/Parquet data. The NVD entry and multiple vendor advisories (IBM, CIRCL, Nuclei template) confirm remote code execution vi...
biggerquery (=0.6.0.dev27), cartoframes (=1.0.0rc1) +11 more potentially affected by CVE-2019-12408 via pyarrow (>=0.14.0 <=0.15.0)
pyarrow PYPI version =0.14.0, =1.4.2, =0.1.1, =1.7.3, =0.4.5, =0.20.0, =2019.10.0, =0.1.1, =0.22.0, =0.24.1 - pyomnisci =25.0.0rc1 Source cves: CVE-2019-12408 Source advisory: OSV:GHSA-8CW2-JV5C-C825...
azureml-designer-classic-modules (>=0.0.105 <=0.0.112), azureml-designer-core (>=0.0.21 <=0.0.29) +39 more potentially affected by CVE-2019-12410 via pyarrow (>=0.12.0 <=0.15.0)
pyarrow PYPI version =0.12.0, =0.0.105, =0.0.21, =0.0.17, =0.0.36, =0.0.9, =1.0.48.1, =0.1.0, =1.4.2, =3.0.20190405035157, =0.1.0, =0.1.1, =0.1.3 and more Source cves: CVE-2019-12410 Source advisory: OSV:GHSA-CJW4-2W9R-R8MV...
azureml-designer-classic-modules (>=0.0.105 <=0.0.112), azureml-designer-core (>=0.0.21 <=0.0.29) +36 more potentially affected by CVE-2019-12410 via pyarrow (>=0.12.0 <=0.14.1)
pyarrow PYPI version =0.12.0, =0.0.105, =0.0.21, =0.0.17, =0.0.36, =0.0.9, =1.0.48.1, =0.1.0, =1.4.2, =3.0.20190405035157, =0.1.0, =0.1.1, =1.13.4, =1.15.1 and more Source cves: CVE-2019-12410 Source advisory: OSV:PYSEC-2019-196...
cartoframes (=1.0.0rc1), data-linter (=0.1.0) +8 more potentially affected by CVE-2019-12408 via pyarrow (>=0.14.0 <=0.14.1)
pyarrow PYPI version =0.14.0, =1.4.2, =0.1.1, =1.7.3, =0.4.5, =0.20.0, =2019.10.0, =0.1.1, =0.1.8 Source cves: CVE-2019-12408 Source advisory: OSV:PYSEC-2019-195...