13 matches found
CVE-2025-62703
Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...
CVE-2025-62703
Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...
EUVD-2025-199646
Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...
CVE-2025-62703 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...
CVE-2025-62703
CVE-2025-62703 affects Fugue up to version 0.9.2, where the RPC server’s FlaskRPCServer decodes data with cloudpickle.loads() without sanitization, enabling remote code execution through crafted pickle payloads. The issue lies in the _decode() function in fugue/rpc/flask.py, allowing deserializat...
CVE-2025-62703 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...
CVE-2025-62703 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...
backtest-reg (>=0.1.0 <=0.5.0), datacompy (>=0.10.0 <=0.14.4) +7 more potentially affected by CVE-2025-62703 via fugue (>=0.5.0.dev1 <=0.9.1)
fugue PYPI version =0.5.0.dev1, =0.1.0, =0.10.0, =0.1.7, =0.0.4, =0.5.0, =0.1.1, =0.1.2.dev3 Source cves: CVE-2025-62703 Source advisory: OSV:GHSA-XV5P-FJW5-VRJ6...
backtest-reg (>=0.1.0 <=0.5.0), datacompy (>=0.10.0 <=0.14.4) +7 more potentially affected by CVE-2025-62703 via fugue (>=0.5.0.dev1 <=0.9.1)
fugue PYPI version =0.5.0.dev1, =0.1.0, =0.10.0, =0.1.7, =0.0.4, =0.5.0, =0.1.1, =0.1.2.dev3 Source cves: CVE-2025-62703 Source advisory: SNYK:PYTHON-FUGUE-14121794...
GHSA-XV5P-FJW5-VRJ6 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Summary The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
Summary The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...
fugue 代码问题漏洞
fugue is an open source unified interface for distributed computing by The Fugue Project. A code issue vulnerability exists in fugue 0.9.2 and earlier versions, which stems from FlaskRPCServer remote code execution via pickle deserialization...
PT-2025-48089
Name of the Vulnerable Software and Affected Versions Fugue versions 0.9.2 and earlier Description Fugue is a unified interface for distributed computing. A remote code execution issue exists due to insecure deserialization of data using cloudpickle.loads within the decode function in...