65 matches found
python311-deepdiff-8.6.1-1.1 on GA media (moderate)
python311-deepdiff-8.6.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15536-1 Rating: moderate Cross-References: CVE-2025-58367 CVSS scores: CVE-2025-58367 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-58367 SUSE : 10...
SUSE CVE-2025-58367
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
OPENSUSE-SU-2025:15536-1 python311-deepdiff-8.6.1-1.1 on GA media
These are all security issues fixed in the python311-deepdiff-8.6.1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-58367
A class pollution flaw has been discovered in the Python DeepDiff library. Class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via insecure Pickle deserialization exploitation. The gadg...
CVE-2025-58367
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
DEBIAN-CVE-2025-58367
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
UBUNTU-CVE-2025-58367
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
CVE-2025-58367
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
CVE-2025-58367
CVE-2025-58367 affects the Python package DeepDiff (versions 5.0.0–8.6.0). The vulnerability arises from class pollution in the Delta class constructor and a gadget in DeltaDiff that lets an attacker modify deepdiff.serialization.SAFE_TO_IMPORT to permit dangerous classes (e.g., posix.system), en...
CVE-2025-58367 DeepDiff is vulnerable to DoS and Remote Code Execution via Delta class pollution
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
CVE-2025-58367 DeepDiff is vulnerable to DoS and Remote Code Execution via Delta class pollution
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
CVE-2025-58367
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
CVE-2025-58367 DeepDiff is vulnerable to DoS and Remote Code Execution via Delta class pollution
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...
DeepDiff security vulnerability
DeepDiff is a Python library by the individual developer Sep Dehpour. A security vulnerability exists in DeepDiff 8.6.0 and earlier versions, which stems from Delta class prototype contamination and could lead to denial of service and remote code execution...
Class Pollution
Overview: deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding deltas to each other. Affected versions of this package are vulnerable to Class Pollution via the Delta constructor and manipulation of the SAFE_TO_IMPORT set. An attacker can execute...
aana (>=0.2.1 <=0.2.2), acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9) +487 more potentially affected by CVE-2025-58367 via deepdiff (>=5.0.1 <=8.6.0)
deepdiff PYPI version =5.0.1, =0.2.1, =0.1.7, =3.0.0b853, =0.1.0, =0.0.1, =0.1.0, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =2.8.5, =0.1.6, =0.2.0 and more Source cves: CVE-2025-58367 Source advisory: SNYK:PYTHON-DEEPDIFF-12485343...
GHSA-MW26-5G2V-HQW3 DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
Summary Python class pollution is a novel vulnerability categorized under CWE-915. The Delta class is vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it can lead to Denial of Service and Remote Code Execution via insecure Pickle...
aana (>=0.2.1 <=0.2.2), acdc-aws-etl-pipeline (>=0.1.7 <=0.5.9) +487 more potentially affected by CVE-2025-58367 via deepdiff (>=5.0.1 <=8.6.0)
deepdiff PYPI version =5.0.1, =0.2.1, =0.1.7, =3.0.0b853, =0.1.0, =0.0.1, =0.1.0, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =2.8.5, =0.1.6, =0.2.0 and more Source cves: CVE-2025-58367 Source advisory: OSV:GHSA-MW26-5G2V-HQW3...
Exploit for Improper Control of Dynamically-Managed Code Resources in Lightningai Pytorch_Lightning
CVE-2024-5452 01. Overview of RCE and pytorch-lightning - 1 RCE and...
Remote code execution in pytorch lightning
A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...