34 matches found
Improper Control of Dynamically-Managed Code Resources
Overview apache-airflow-providers-http is a Provider package apache-airflow-providers-http for Apache Airflow Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the HttpTrigger’s pickle-based serialization in the deferred HTTP task...
DEBIAN-CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
CVE-2025-69872
CVE-2025-69872 affects DiskCache (python-diskcache) up to version 5.6.3, where Python pickle is used for serialization by default. An attacker with write access to the cache directory can cause arbitrary code execution when the victim application reads from the cache. The provided documents do no...
CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
CVE-2025-32444
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...
PYSEC-2025-42
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...
vLLM 代码问题漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in vLLM versions prior to 0.6.5 to 0.8.5, which stems from the use of pickle-based serialization and could lead to remote code execution...
Withdrawn Advisory: Dask Vulnerable to Command Injection
Withdrawn Advisory This advisory has been withdrawn because it describes intended functionality. This link is maintained to preserve external references. Original Description Dask versions =2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allow...
PYSEC-2025-27
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...
GHSA-M4F6-VCJ4-W5MX snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache
Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue...
PT-2025-5575 · Snowflake · Snowflake Connector For Python
Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions 2.7.12 through 3.13.0 Description: The OCSP response cache in the Snowflake Connector for Python uses pickle as the serialization format, potentially leading to local privilege escalation. This issue ca...
Llama Stack 安全漏洞
Llama Stack is a model component of the Llama Stack API open-sourced by Meta Llama. A security vulnerability exists in versions prior to Llama Stack 7a8aa775e5a267cf8660d83140011a0b7f91e005, which stems from the use of pickle as a serialization format for socket communication, and could allow...
Exploit for Deserialization of Untrusted Data in Flask-Caching_Project Flask-Caching
It is an offensive tool for web exploitation. This PoC exploit t...
Pickle serialization vulnerable to Deserialization of Untrusted Data
What We are using pickle as default serialization module but that has known security issues see e.g. https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9. In summary, it is not advisable to open Pickles that you create yourself locally. In vantage6, algorithms use pickles...
GHSA-5M22-CFQ9-86X6 Pickle serialization vulnerable to Deserialization of Untrusted Data
What We are using pickle as default serialization module but that has known security issues see e.g. https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9. In summary, it is not advisable to open Pickles that you create yourself locally. In vantage6, algorithms use pickles...
CVE-2023-23930
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...
CVE-2023-23930 vantage6's Pickle serialization is insecure
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...
CVE-2023-23930 vantage6's Pickle serialization is insecure
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...
CVE-2023-23930 vantage6's Pickle serialization is insecure
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...