26 matches found
CVE-2026-2970
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2969
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
datapizza-ai-cache-redis (=0.0.3), datapizza-ai-clients-anthropic (>=0.0.3 <=0.0.5) +21 more potentially affected by CVE-2026-2969 via datapizza-ai-core (>=0.0.1 <=0.0.26)
datapizza-ai-core PYPI version =0.0.1, =0.0.3, =0.0.2, =0.0.4, =0.0.4, =0.0.6, =0.0.6, =0.0.3, =0.0.3, =0.0.2, =0.0.2, =0.0.8 and more Source cves: CVE-2026-2969 Source advisory: SNYK:PYTHON-DATAPIZZAAICORE-15363212...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: datapizza-ai-core is a package of core components for the datapizza-ai framework. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the ChatPromptTemplate function that utilises Jinja2 Template. An attacker can execute...
Deserialization of Untrusted Data
Overview: datapizza-ai-cache-redis is an implementation using Redis for datapizza-ai cache. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the RedisCache function due to its usage of pickle.loads. An attacker can execute arbitrary code or manipulate...
GHSA-HG58-X52P-859C datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.7. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
datapizza-ai-parsers-azure (=0.0.2), datapizza-ai-parsers-docling (=0.0.2) +1 more potentially affected by CVE-2026-2969 via datapizza-ai-core (=0.0.1)
datapizza-ai-core PYPI version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on datapizza-ai-core and may be impacted: - datapizza-ai-parsers-azure =0.0.2 - datapizza-ai-parsers-docling =0.0.2 - datapizza-ai-tools-duckduckgo =0.0.2 Source cves:...
GHSA-Q5XX-FXV3-XXQF datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2970
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2970
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2969
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2969
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2970 datapizza-labs datapizza-ai cache.py RedisCache deserialization
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2970
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2970 datapizza-labs datapizza-ai cache.py RedisCache deserialization
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2970
The CVE-2026-2970 vulnerability affects datapizza-labs datapizza-ai cache code: RedisCache in datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Root cause is deserialization of untrusted data via pickle.loads(), leading to arbitrary code execution/data manipulation on the local network. Ex...
CVE-2026-2969 datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2969
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2969 datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...