3 matches found
EUVD-2025-210386
picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collectenv.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
CVE-2023-38898
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio.swapcurrenttask component. NOTE: this is disputed by the vendor because 1 neither 3.7 nor any other release is affected it is a bug in some 3.12 pre-releases; 2 there are no common scenarios in whi...
ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...