10 matches found
EUVD-2025-18696
Malicious code in bioql PyPI...
CVE-2025-6279
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/addtool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may ...
PYSEC-2025-68
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/addtool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may ...
GHSA-CJ47-QJ6G-X7R4 vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
ai-flow Deserialization of Untrusted Data vulnerability
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2024-0960
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
Deserialization of untrusted data
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2024-0960 flink-extended ai-flow workflow_command.py cloudpickle.loads deserialization
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2024-0960
CVE-2024-0960 affects the open-source framework flink-extended ai-flow 0.3.1 . The vulnerability targets the function cloudpickle.loads within the file ai_flow/cli/commands/workflow_command.py , enabling a deserialization flaw. According to connected sources, the attack can be launched remotely o...