
6 matches found

OSV
added 5 days ago, 5 views

PYSEC-2026-491 Apache Pyfory python is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...

CVSS 9.8, AI score 6.2, EPSS 0.41255
Exploits 2, References 9
Veracode
added 2025/11/24 1:12 p.m., 9 views

Deserialization Of Untrusted Data

pyfory and pyfury are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the ability to craft a malicious serialized data stream that triggers the pickle-fallback serializer, which allows an attacker to invoke pickle.loads and achieve remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.41255
Exploits 2, References 7, Affected Software 2
EUVD
added 2025/10/08 12:31 a.m., 7 views

EUVD-2025-31867

EUVD-2025-31867...

CVSS 4.8, AI score 4.2, EPSS 0.00189
Exploits 1, References 8
Snyk
added 2025/10/01 10:41 a.m., 3 views

Deserialization of Untrusted Data

Overview: pyfury is Apache Fury™ (incubating), a blazingly fast multi-language serialization framework powered by JIT and zero-copy. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickle module. An attacker can execute arbitrary code by crafting a da...

CVSS 9.8, AI score 7.8, EPSS 0.41255
Exploits 2, References 2
Cvelist
added 2025/10/01 9:55 a.m., 10 views

CVE-2025-61622 Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory

Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...

EPSS 0.41255
Exploits 2, References 1
CNNVD
added 2025/10/01 12:0 a.m., 5 views

Apache Fory Security Vulnerability

Apache Fory is a multi-language serialization framework based on JIT dynamic compilation and zero-copy technology, designed for distributed systems and high-performance computing scenarios. Apache Fory suffers from a deserialization vulnerability that stems from unsafe deserialization of...

CVSS 9.8, AI score 7.6, EPSS 0.41255
Exploits 2, References 1