8 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-13091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
CVE-2020-13091
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibility to use...
DEBIAN-CVE-2020-13091
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibility to use...
CVE-2020-13091
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibility to use...
0lever-utils (>=0.0.2 <=0.0.7), a2ml (>=0.1.0 <=0.5.0rc9) +1421 more potentially affected by CVE-2020-13091 via pandas (>=0.15.0 <=1.0.3)
pandas PYPI version =0.15.0, =0.0.2, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.3, =1.1.2, =0.1.7.3, =0.1.2, =0.26.0, =0.0.3, =1.0.11, =0.1.0, =0.2.8 - ai-flow =0.1.0 and more Source cves: CVE-2020-13091 Source advisory: OSV:PYSEC-2020-73...
CVE-2020-13091
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle function is documented as unsafe and it is the user's responsibility to use...
CVE-2020-13091
CVE-2020-13091 affects pandas up to 1.0.3. The vulnerability stems from unsafe deserialization in read_pickle(), which can unserialize a payload and execute commands if reduce invokes os.system. The issue is contingent on using read_pickle() with an untrusted file. Third parties dispute the sever...