2 matches found
box-oauth (>=0.2.5 <=0.3.1), cabrita (>=2.2.2b1 <=2.2.2b2) +15 more potentially affected by CVE-2019-12760 via parso (>=0.1.0 <=0.4.0)
parso PYPI version =0.1.0, =0.2.5, =2.2.2b1, =0.3.4, =0.2.0, =0.3.25, =0.5.3, =0.11.0, =0.1.7, =0.0.146, =0.1.0.dev0, =0.2.1, =0.3.3 and more Source cves: CVE-2019-12760 Source advisory: OSV:PYSEC-2019-109...
CVE-2019-12760
The CVE-2019-12760 entry describes a deserialization flaw in parso up to version 0.4.0, where grammar parsing from the cache uses pickle. If an attacker can write a malicious pickle to a cache grammar file and trigger parsing, Arbitrary Code Execution is possible. Note: multiple sources mark this...