2 matches found
PYSEC-2026-1926 Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time
Summary An inconsistency in MethodNode can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3, it i...
PT-2025-30944
Name of the Vulnerable Software and Affected Versions skops versions 0.11.0 and below skops versions prior to 12.0.0 Description skops is a Python library used for sharing and shipping scikit-learn based models. A vulnerability exists due to an inconsistency in the MethodNode component, allowing...