58 matches found
CVE-2021-47952
CVE-2021-47952 affects python jsonpickle 2.0.0 and describes a remote code execution vulnerability through deserialization of JSON payloads containing py/repr objects. The attack leverages directives that invoke eval during deserialization to execute system commands and arbitrary code, with high-...
Jsonpickle 代码注入漏洞
Jsonpickle is a software developed by the individual who created Jsonpickle, designed for Python to serialize Python objects into JSON format. Version 2.0.0 of jsonpickle contains a code injection vulnerability. This vulnerability stems from deserialization issues, allowing attackers to execute...
PT-2026-41450
Name of the Vulnerable Software and Affected Versions jsonpickle version 2.0.0 Description An issue exists where attackers can execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. This occurs because crafted JSON strings with py/repr directives ca...
EUVD-2025-23928
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-22083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that...
CVE-2025-55136
ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...
Emotion Recognition in Coversation 代码问题漏洞
Emotion Recognition in Coversation is an application by the individual developer Taewoon Kim. A code issue vulnerability exists in Emotion Recognition in Coversation version 0.3 and earlier, which stems from the use of jsonpickle leading to unsafe deserialization...
CVE-2025-55136
ERC (Emotion Recognition in Conversation) up to version 0.3 is affected by insecure deserialization via jsonpickle when handling serialized objects. The vulnerability arises from unsafe deserialization in the serialization path. Public mentions in Red Hat, NVD, OSV, and PT-Security records confir...
CVE-2025-55136
ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...
CVE-2025-55136
ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...
PT-2025-32270 · Erc · Erc
Name of the Vulnerable Software and Affected Versions: ERC aka Emotion Recognition in Conversation versions through 0.3 Description: ERC aka Emotion Recognition in Conversation is susceptible to insecure deserialization due to the use of jsonpickle when handling serialized objects. Recommendation...
CVE-2025-55136
ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...
Deserialization of Untrusted Data
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPickleSerializer process. An attacker can execute arbitrary code by submitting specially crafted serialized data that triggers the...
LlamaIndex 安全漏洞
LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex versions 0.12.27 to 0.12.40, which stems from insecure deserialization of the JsonPickleSerializer component and could lead to remote code execution...
PT-2025-4790 · Nuclio +1 · Nuclio +1
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.26.0 Description: The issue allows an attacker with an account on an affected CVAT instance to run arbitrary code in the context of the Nuclio function container. This affects CVAT...
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from deficiencies in the deserialization mechanism. This allows attackers to execute arbitrary code.
The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to...
PT-2024-9365 · Splunk · Splunk Secure Gateway App +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.2 Splunk Enterprise versions prior to 9.2.4 Splunk Enterprise versions prior to 9.1.7 Splunk Secure Gateway app versions prior to 3.4.261 Splunk Secure Gateway app versions prior to 3.7.13 Description:...
SUSE CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +188 more potentially affected by CVE-2020-22083 via jsonpickle (>=0.7.1 <=1.4.2)
jsonpickle PYPI version =0.7.1, =1.0.0, =2.0.0, =0.1.2, =4.0.0, =1.1.4, =2.4.0, =2.5.0 - apimaticcalculatorlatest =4.0.0 - apimaticcalculatorpythonv6demo =1.0.2 and more Source cves: CVE-2020-22083 Source advisory: OSV:GHSA-J66Q-QMRC-89RX...
GHSA-J66Q-QMRC-89RX jsonpickle unsafe deserialization
jsonpickle through 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode function. This CVE is disputed by the project author as intended functionality...