3 matches found
SUSE CVE-2019-12760
A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution...
Arbitrary Code Execution
parso is vulnerable to arbitrary code execution. Due to the way grammer parsing is performed from the cache that relies on pickle, this allows deserialization of untrusted data which would allow an attacker to execute malicious code via a malicious pickle. Update: This CVE has since been disputed...
box-oauth (>=0.2.5 <=0.3.1), cabrita (>=2.2.2b1 <=2.2.2b2) +15 more potentially affected by CVE-2019-12760 via parso (>=0.1.0 <=0.4.0)
parso PYPI version =0.1.0, =0.2.5, =2.2.2b1, =0.3.4, =0.2.0, =0.3.25, =0.5.3, =0.11.0, =0.1.7, =0.0.146, =0.1.0.dev0, =0.2.1, =0.3.3 and more Source cves: CVE-2019-12760 Source advisory: OSV:PYSEC-2019-109...