4 matches found
CVE-2025-71355 Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass
Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...
CVE-2025-71355
CVE-2025-71355 : Picklescan prior to 0.0.25 fails to detect unsafe global functions in the Numpy library, enabling an attacker to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring withi...
asteval 1.06 Arbitrary Code Execution / Sandbox Escape Vulnerabilities
An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...
asteval 1.06 Arbitrary Code Execution / Sandbox Escape
An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...