19 matches found
PyArrow Flight RPC - Remote Code Execution
PyArrow Flight RPC from v0.14.0 through v14.0.0 allows remote attackers to execute arbitrary code via a maliciously crafted Python-defined extension type. id: CVE-2023-47248 info: name: PyArrow Flight RPC - Remote Code Execution author: smolse severity: critical description: | PyArrow Flight RPC...
Security Bulletin: PyArrow vulnerability affecting IBM Watson Studio in Cloud Pak for Data (CVE-2023-47248)
Summary PyArrow vulnerability in Runtimes 22.2 and Runtimes 23.1 components impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: Deserialization of untrusted data in IP...
CVE-2023-47248
creationtimestamp| type| source ---|---|--- 2025-03-05 21:01:59+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ljnutmfxed2z 2025-03-27 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-03-27 2025-05-26 00:00:00+00:00| exploited| The...
CVE-2023-47248
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
Security Bulletin: Vulnerability in PyArrow Affects IBM watsonx.data
Summary PyArrow could allow a remote authenticated attacker to execute arbitrary code on the system. This can affect IBM watsonx.data Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: PyArrow is vulnerable to CVE-2023-47248 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses PyArrow which is vulnerable to CVE-2023-47248. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to PyArrow arbitrary code execution vulnerability ( CVE-2023-47248)
Summary Potential PyArrow arbitrary code execution vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow...
Security Bulletin: Vulnerability in PyArrow affects IBM Process Mining CVE-2023-47248
Summary There is a vulnerability in PyArrow that could allow an attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION:...
Fedora: Security Advisory for python-geopandas (FEDORA-2023-8857bdcd95)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2023-1c5e667fd0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : python-geopandas (2023-c907492c3e)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c907492c3e advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Fedora 39 : python-geopandas (2023-1c5e667fd0)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1c5e667fd0 advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Fedora 37 : python-geopandas (2023-8857bdcd95)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8857bdcd95 advisory. Update to latest version; fix CVE-2023-47248 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
GHSA-X563-6HQV-26MR Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Impact Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability on...
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Impact Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability on...
a2ml (>=0.3.1 <=0.5.3), abi-ds-utils (=1.2.4) +756 more potentially affected by CVE-2023-47248 via pyarrow (>=0.14.0 <=14.0.0)
pyarrow PYPI version =0.14.0, =0.3.1, =2.0.4, =0.0.1a1, =0.1.0, =0.1.0, =0.1.7, =0.0.2, =80.4.6, =80.8.5 - alectio-sdk =0.6.8 and more Source cves: CVE-2023-47248 Source advisory: OSV:GHSA-5WVP-7F3H-6WMM...
CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
CVE-2023-47248 PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
CVE-2023-47248
CVE-2023-47248 affects PyArrow IPC/Parquet readers (versions 0.14.0–14.0.0); unsafe deserialization allows arbitrary code execution when processing untrusted Arrow IPC/Feather/Parquet data. The NVD entry and multiple vendor advisories (IBM, CIRCL, Nuclei template) confirm remote code execution vi...