6 matches found
PYSEC-2026-491 Apache Pyfory python is vulnerable to deserialization of untrusted data
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
Deserialization Of Untrusted Data
pyfory and pyfury are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the ability to craft a malicious serialized data stream that triggers the pickle-fallback serializer, which allows an attacker to invoke pickle.loads and achieve remote code execution...
EUVD-2025-31867
EUVD-2025-31867...
Deserialization of Untrusted Data
Overview pyfury is an Apache Fury™incubating is a blazingly fast multi-language serialization framework powered by jit and zero-copy Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickle module. An attacker can execute arbitrary code by crafting a da...
CVE-2025-61622 Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
Apache Fory 安全漏洞
Apache Fory is a JIT-based dynamic compilation and zero-copy technology based on multi- language serialization framework , designed for distributed systems and high-performance computing scenarios . Apache Fory suffers from a deserialization vulnerability that stems from unsafe deserialization of...