OESA-2026-1595 python-ply security update

/ply/ /ply--.egg-info/ Security Fixes: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Becaus...

abjad (>=3.20.0 <=3.31.0), abjad-ext-nauert (>=3.20.0 <=3.21.0) +2175 more potentially affected by CVE-2025-56005 via ply (>=3.10.0 <=3.8.0)

ply PYPI version =3.10.0, =3.20.0, =3.20.0, =3.20.0, =1.1.0, =0.1.0.post1, =0.5.1, =4.2.0, =1.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2025-56005 Source advisory: SNYK:PYTHON-PLY-15046763...

Deserialization of Untrusted Data

Overview ply is a Python Lex & Yacc Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the picklefile parameter in the yacc function. An attacker can execute arbitrary code by supplying a specially crafted pickle file that is deserialized without validation...