22 matches found
Malicious code in @zalastax/nolb-parso (npm)
The package @zalastax/nolb-parso was found to contain malicious code...
MAL-2025-13014 Malicious code in @zalastax/nolb-parso (npm)
The package @zalastax/nolb-parso was found to contain malicious code...
SUSE CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...
Deserialization vulnerability exists in parso
DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...
GHSA-22MF-97VH-X8RW Deserialization vulnerability exists in parso
DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...
Arbitrary Code Execution
parso is vulnerable to arbitrary code execution. Due to the way grammar parsing is performed from the cache that relies on pickle, this allows deserialization of untrusted data which would allow an attacker to execute malicious code via a malicious pickle. Update: This CVE has since been disputed...
Deserialization of Untrusted Data
Amendment: This was deemed not a vulnerability. Overview: parso is a Python parser that supports error recovery and round-trip parsing for different Python versions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A deserialization vulnerability exists in the...
PYSEC-2019-109
DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...
CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...
UBUNTU-CVE-2019-12760
DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...
box-oauth (>=0.2.5 <=0.3.1), cabrita (>=2.2.2b1 <=2.2.2b2) +15 more potentially affected by CVE-2019-12760 via parso (>=0.1.0 <=0.4.0)
parso PYPI version =0.1.0, =0.2.5, =2.2.2b1, =0.3.4, =0.2.0, =0.3.25, =0.5.3, =0.11.0, =0.1.7, =0.0.146, =0.1.0.dev0, =0.2.1, =0.3.3 and more Source cves: CVE-2019-12760 Source advisory: OSV:PYSEC-2019-109...
CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...
Deserialization of untrusted data
DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...
CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...
PYSEC-2019-109
DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...
PYSEC-2019-39
DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...
DEBIAN-CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...
CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...
CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...
CVE-2019-12760
The CVE-2019-12760 entry describes a deserialization flaw in parso up to version 0.4.0, where grammar parsing from the cache uses pickle. If an attacker can write a malicious pickle to a cache grammar file and trigger parsing, Arbitrary Code Execution is possible. Note: multiple sources mark this...