4 matches found
PickleFuzzer: A Case Study in Fuzzing for Discrepancies between Python Pickle Implementations
Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. While developers sometimes mitigate this risk by restricting imports during...
Js2Py Code Execution Vulnerability
Js2Py is a library from the Python Foundation. It is used to convert JavaScript to Python code. A code execution vulnerability exists in Js2Py version 0.74 and earlier, which can be exploited by an attacker to execute arbitrary code via a crafted API call...
keep Security Vulnerability
keep is a Meta CLI toolkit from the Python Foundation. A security vulnerability exists in keep version 1.2, which stems from the installation of request packages when installing the keep package, and is exploited by an attacker to leave a malicious backdoor on a victimized machine...
pyanxdns Security Vulnerability
pyanxdns is a Python package on PyPI from the Python Foundation. It is used for Python clients to communicate with the ANX DNS API. A security vulnerability exists in pyanxdns version 0.2, which stems from the installation of the request package when installing the pyanxdns package, and can be...