6 matches found
Deserialization of Untrusted Data
Overview pyquokka is a Quokka Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the do_action function in the flight.py file. An attacker can execute arbitrary code on the server by sending maliciously crafted serialized data through the network interface...
pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer
Description In the FlightServer class of the pyquokka framework, the do_action method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...
GHSA-F74J-GFFQ-VM9P pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer
Description In the FlightServer class of the pyquokka framework, the do_action method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...
Quokka Code Issue Vulnerability
Quokka is an open source content management framework written in Python. A code issue vulnerability exists in quokka 0.3.1 and earlier versions, which stems from the FlightServer class directly deserializing operation data from a Flight client using pickle.loads in the do_action method, which coul...
WordPress PropertyHive plugin <= 1.4.25 - Unvalidated Input to do_action()
Unvalidated Input to do_action() vulnerability found in WordPress PropertyHive plugin versions <= 1.4.25. Solution: 2018 December 7 - This plugin was closed on November 30, 2018 and is no longer available for download...
PropertyHive <= 1.4.25 - Unvalidated Input to do_action()
According to the plugin's changelog: "Corrected potential vulnerability picked up by WordPress causing plugin to be removed from plugin repository."...