sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data

Impact sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both...

Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...

PYSEC-2019-116

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...

CVE-2019-17206

The CVE-2019-17206 entry describes an Uncontrolled deserialization of a pickled object in the Frost Ming rediswrapper (Redis Wrapper) code path, specifically in models.py, that existed prior to version 0.3.0. This vulnerability allows an attacker to execute arbitrary scripts due to unsafe pickle ...