Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/07/26 3:29 a.m.6 views

CVE-2025-54412 skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...

8.7CVSS7.2AI score0.00137EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/26 12:0 a.m.7 views

Skops 安全漏洞

Skops is a Python library from the Skops project that helps share scikit-learn-based models and put them into production. A security vulnerability exists in Skops 0.11.0 and earlier versions, which stems from OperatorFuncNode inconsistencies and could lead to arbitrary code execution...

8.7CVSS7.3AI score0.00137EPSS
Exploits0References3
OSV
OSV
added 2025/07/25 7:17 p.m.6 views

GHSA-M7F4-HRC6-FWG3 Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution

Summary An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. Note: This...

8.7CVSS7.2AI score0.00138EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.12 views

PT-2025-30943

Vulnerability Summary Name of the Vulnerable Software and Affected Versions skops versions 0.11.0 and below Description skops is a Python library used for sharing and shipping scikit-learn based models. An inconsistency in the OperatorFuncNode allows exploitation to hide the execution of untruste...

8.7CVSS6.6AI score0.00137EPSS
Exploits0References15
Rows per page
Query Builder