4 matches found
CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...
Skops 安全漏洞
Skops is a Python library from the Skops project that helps share scikit-learn-based models and put them into production. A security vulnerability exists in Skops 0.11.0 and earlier versions, which stems from OperatorFuncNode inconsistencies and could lead to arbitrary code execution...
GHSA-M7F4-HRC6-FWG3 Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution
Summary An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. Note: This...
PT-2025-30943
Vulnerability Summary Name of the Vulnerable Software and Affected Versions skops versions 0.11.0 and below Description skops is a Python library used for sharing and shipping scikit-learn based models. An inconsistency in the OperatorFuncNode allows exploitation to hide the execution of untruste...