26 matches found
CVE-2026-2969
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2970
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
Improper Neutralization of Special Elements Used in a Template Engine
Overview datapizza-ai-core is a Core components for the datapizza-ai framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the ChatPromptTemplate function that utilises Jinja2 Template. An attacker can execute...
datapizza-ai-cache-redis (=0.0.3), datapizza-ai-clients-anthropic (>=0.0.3 <=0.0.5) +21 more potentially affected by CVE-2026-2969 via datapizza-ai-core (>=0.0.1 <=0.0.26)
datapizza-ai-core PYPI version =0.0.1, =0.0.3, =0.0.2, =0.0.4, =0.0.4, =0.0.6, =0.0.6, =0.0.3, =0.0.3, =0.0.2, =0.0.2, =0.0.8 and more Source cves: CVE-2026-2969 Source advisory: SNYK:PYTHON-DATAPIZZAAICORE-15363212...
Deserialization of Untrusted Data
Overview datapizza-ai-cache-redis is an An implementation using Redis for datapizza-ai cache Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the RedisCache function due to its usage of pickle.loads. An attacker can execute arbitrary code or manipulate...
datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
GHSA-HG58-X52P-859C datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.7. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
datapizza-ai-parsers-azure (=0.0.2), datapizza-ai-parsers-docling (=0.0.2) +1 more potentially affected by CVE-2026-2969 via datapizza-ai-core (=0.0.1)
datapizza-ai-core PYPI version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on datapizza-ai-core and may be impacted: - datapizza-ai-parsers-azure =0.0.2 - datapizza-ai-parsers-docling =0.0.2 - datapizza-ai-tools-duckduckgo =0.0.2 Source cves:...
GHSA-Q5XX-FXV3-XXQF datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2970
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2970
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2969
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2969
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2970
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2970 datapizza-labs datapizza-ai cache.py RedisCache deserialization
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2970 datapizza-labs datapizza-ai cache.py RedisCache deserialization
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high...
CVE-2026-2970
The CVE-2026-2970 vulnerability affects datapizza-labs datapizza-ai cache code: RedisCache in datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Root cause is deserialization of untrusted data via pickle.loads(), leading to arbitrary code execution/data manipulation on the local network. Ex...
CVE-2026-2969
CVE-2026-2969 affects datapizza-labs datapizza-ai 0.0.2, specifically the Jinja2 Template Handler’s ChatPromptTemplate in datapizza-ai-core/datapizza/modules/prompt/prompt.py. The vulnerability arises from manipulation of the Prompt argument that leads to improper neutralization of special elemen...
CVE-2026-2969
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...
CVE-2026-2969 datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...