11 matches found
Deserialization Of Untrusted Data
goodby-csv is vulnerable to Deserialization Of Untrusted Data. The insecure deserialization stems from the presence of classes that can be used in a gadget chain, enabling remote code execution when untrusted data is deserialized in a vulnerable application...
CVE-2025-49597
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: handcraftedinthealps/goodby-csv is a CSV import/export library. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the wakeup process. An attacker can execute arbitrary code by leveraging a gadget chain if...
handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution
Impact: goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application...
CVE-2025-49597
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
CVE-2025-49597 handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
CVE-2025-49597
The CVE-2025-49597 entry concerns handcraftedinthealps/goodby-csv prior to version 1.4.3. It describes an insecure deserialization gadget chain that, if an application deserializes untrusted data due to another vulnerability, could be leveraged to achieve remote code execution. The issue is patch...
CVE-2025-49597 handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
CVE-2025-49597 handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
PT-2025-25443 · Unknown · Goodby-Csv
Name of the Vulnerable Software and Affected Versions: goodby-csv versions prior to 1.4.3. Description: The issue concerns an insecure deserialization vulnerability in the goodby-csv library, which can be used as part of a "gadget chain" to achieve remote code execution if an application...
Handcrafted in the Alps Goodby CSV Security Vulnerability
Handcrafted in the Alps Goodby CSV is a Handcrafted in the Alps open source application. A security vulnerability exists in Handcrafted in the Alps Goodby CSV versions prior to 1.4.3, which stems from insecure deserialization and could lead to remote code execution...