22 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 1 view

Malicious code in @zalastax/nolb-parso (npm)

The package @zalastax/nolb-parso was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-13014 Malicious code in @zalastax/nolb-parso (npm)

The package @zalastax/nolb-parso was found to contain malicious code...

AI score 7.2
Exploits 0
SUSE CVE
added 2023/02/15 4:11 a.m., 3 views

SUSE CVE-2019-12760

A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...

CVSS 7.5, AI score 7, EPSS 0.01518
Exploits 1, References 3
Github Security Blog
added 2019/06/13 4:12 p.m., 22 views

Deserialization vulnerability exists in parso

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

CVSS 7.5, AI score 7.6, EPSS 0.01518
Exploits 1, References 5, Affected Software 1
OSV
added 2019/06/13 4:12 p.m., 3 views

GHSA-22MF-97VH-X8RW Deserialization vulnerability exists in parso

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

CVSS 9.2, AI score 5.9, EPSS 0.01518
Exploits 1, References 6
Veracode
added 2019/06/07 8:11 a.m., 12 views

Arbitrary Code Execution

parso is vulnerable to arbitrary code execution. Due to the way grammar parsing is performed from the cache that relies on pickle, this allows deserialization of untrusted data which would allow an attacker to execute malicious code via a malicious pickle. Update: This CVE has since been disputed...

CVSS 3.3, AI score 7.9, EPSS 0.01518
Exploits 1, References 3, Affected Software 1
Snyk
added 2019/06/06 8:19 p.m., 2 views

Deserialization of Untrusted Data

Amendment: This was deemed not a vulnerability. Overview: parso is a Python parser that supports error recovery and round-trip parsing for different Python versions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A deserialization vulnerability exists in the...

CVSS 7.5, AI score 7, EPSS 0.01518
Exploits 1, References 2
PyPA
added 2019/06/06 7:29 p.m., 5 views

PYSEC-2019-109

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

CVSS 7.5, AI score 7, EPSS 0.01518
Exploits 1, References 3, Affected Software 1
OSV
added 2019/06/06 7:29 p.m., 5 views

CVE-2019-12760

A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...

CVSS 7.5, AI score 3.9
Exploits 0, References 2
OSV
added 2019/06/06 7:29 p.m., 3 views

UBUNTU-CVE-2019-12760

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

CVSS 7.5, AI score 5.8, EPSS 0.01518
Exploits 1, References 3
vulnersOsv
added 2019/06/06 7:29 p.m., 4 views

box-oauth (>=0.2.5 <=0.3.1), cabrita (>=2.2.2b1 <=2.2.2b2) +15 more potentially affected by CVE-2019-12760 via parso (>=0.1.0 <=0.4.0)

parso PYPI version =0.1.0, =0.2.5, =2.2.2b1, =0.3.4, =0.2.0, =0.3.25, =0.5.3, =0.11.0, =0.1.7, =0.0.146, =0.1.0.dev0, =0.2.1, =0.3.3 and more Source cves: CVE-2019-12760 Source advisory: OSV:PYSEC-2019-109...

CVSS 7.5, AI score 6.7, EPSS 0.01518
Exploits 1
UbuntuCve
added 2019/06/06 7:29 p.m., 17 views

CVE-2019-12760

A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...

CVSS 7.5, AI score 6.7, EPSS 0.01518
Exploits 1, References 2
Prion
added 2019/06/06 7:29 p.m., 13 views

Deserialization of untrusted data

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

CVSS 6, AI score 7.5, EPSS 0.01518
Exploits 1, References 2, Affected Software 1
NVD
added 2019/06/06 7:29 p.m., 11 views

CVE-2019-12760

A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...

CVSS 7.5, AI score 7.6, EPSS 0.01518
Exploits 1, References 2
OSV
added 2019/06/06 7:29 p.m., 21 views

PYSEC-2019-109

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

CVSS 7.5, AI score 5.4, EPSS 0.01518
Exploits 1, References 3
OSV
added 2019/06/06 7:29 p.m., 12 views

PYSEC-2019-39

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

AI score 5.4
Exploits 0, References 2
OSV
added 2019/06/06 7:29 p.m., 1 view

DEBIAN-CVE-2019-12760

A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...

CVSS 7.5, AI score 6.2, EPSS 0.01518
Exploits 1, References 1
Vulnrichment
added 2019/06/06 6:55 p.m., 10 views

CVE-2019-12760

A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...

AI score 6.8, EPSS 0.01518
Exploits 1, References 2
Debian CVE
added 2019/06/06 6:55 p.m., 15 views

CVE-2019-12760

A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...

CVSS 7.5, AI score 5.6, EPSS 0.01518
Exploits 1
CVE
added 2019/06/06 6:55 p.m., 188 views

CVE-2019-12760

The CVE-2019-12760 entry describes a deserialization flaw in parso up to version 0.4.0, where grammar parsing from the cache uses pickle. If an attacker can write a malicious pickle to a cache grammar file and trigger parsing, Arbitrary Code Execution is possible. Note: multiple sources mark this...

CVSS 7.5, AI score 7.5, EPSS 0.01518
Exploits 1, References 2, Affected Software 1