4 matches found
CVE-2026-9147
uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...
CVE-2026-9147 uproot 5.7.4 and prior Code Injection via TStreamerInfo Metadata
uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...
CVE-2026-9147
uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...
CVE-2026-9147
CVE-2026-9147 affects uproot 5.7.4 and prior. The issue arises when uproot dynamically generates Python class source code from ROOT TStreamerInfo records and compiles it at runtime. Some file-controlled streamer metadata fields (e.g., streamer element names) are interpolated into the generated Py...