Lucene search
K

28 matches found

OSV
OSV
added 2026/06/26 8:51 p.m.2 views

GHSA-5W7Q-77MV-V69F python-socketio: Binary attachment accumulation can cause denial of service

Impact The python-socketio server stores binary EVENT and ACK messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of its...

7.5CVSS5.8AI score
Exploits0References2
Redos
Redos
added 2026/02/16 12:0 a.m.4 views

ROS-20260216-73-0004

Vulnerability in python-socketio related to a flaw in the deserialization mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

6.4CVSS6.3AI score0.00446EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/10/28 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-3673a159a9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.8AI score0.00446EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2025/10/27 12:0 a.m.3 views

openSUSE Security Advisory (SUSE-SU-2025:3780-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.8AI score0.00446EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/25 12:0 a.m.4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-python-socketio (SUSE-SU-2025:3780-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3780-1 advisory. - CVE-2025-61765: fixed by using json, rather than pickle for serialization bsc1251193 Tenable has...

6.4CVSS5.9AI score0.00446EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/25 12:0 a.m.4 views

Fedora 43 : python-socketio (2025-3673a159a9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3673a159a9 advisory. Release 5.14.2 - 2025-10-15 - Restore binary message support in message queue setups - Fix formatting of client connection error ---- Release 5.14.1 -...

6.4CVSS5.9AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2025/10/24 1:26 p.m.4 views

SUSE-SU-2025:3780-1 Security update for python-python-socketio

This update for python-python-socketio fixes the following issues: - CVE-2025-61765: fixed by using json, rather than pickle for serialization bsc1251193...

6.4CVSS7AI score0.00446EPSS
Exploits0References3
Veracode
Veracode
added 2025/10/15 11:24 a.m.6 views

Remote Code Execution

python-socketio is vulnerable to Remote Code Execution. The vulnerability is due to insecure deserialization using pickle library, due to servers trusting and calling pickle.loads on inter-server message-queue payloads, This allowing an attacker with access to the message queue to send a crafted...

6.4CVSS7AI score0.00446EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2025/10/13 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-96c38634c7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.8AI score0.00446EPSS
Exploits0References4
Fedora
Fedora
added 2025/10/11 12:58 a.m.12 views

[SECURITY] Fedora 42 Update: python-socketio-5.14.1-1.fc42

Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...

6.4CVSS7AI score0.00446EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/11 12:0 a.m.7 views

Fedora 42 : python-socketio (2025-96c38634c7)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-96c38634c7 advisory. Release 5.14.1 - 2025-10-02 - Restore support for rediss:// URLs, and add support for valkeys:// as well - Add support for Redis connections using unix socke...

6.4CVSS5.9AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2025/10/08 12:0 a.m.2 views

OPENSUSE-SU-2025:15613-1 python311-python-socketio-5.14.1-1.1 on GA media

These are all security issues fixed in the python311-python-socketio-5.14.1-1.1 package on the GA media of openSUSE Tumbleweed...

6.4CVSS5.8AI score0.00446EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-61765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior ...

6.4CVSS7.4AI score0.00446EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/10/07 11:25 p.m.5 views

SUSE CVE-2025-61765

python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...

6.4CVSS8.4AI score0.00446EPSS
Exploits0References4
OSV
OSV
added 2025/10/07 12:55 p.m.4 views

GHSA-G8C6-8FJJ-2R4M python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments

Summary A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use...

6.4CVSS8.5AI score0.00446EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/10/07 12:55 p.m.10 views

python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments

Summary A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use...

6.4CVSS8.5AI score0.00446EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2025/10/07 12:55 p.m.3 views

abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +252 more potentially affected by CVE-2025-61765 via python-socketio (>=2.0.0 <=5.13.0)

python-socketio PYPI version =2.0.0, =1.0.0, =2.0.0, =2.1.0, =0.1.1, =0.1.2, =0.1.1, =1.0.0, =0.0.2, =4.0.4, =0.1.1, =4.1.0, =0.16.0, =0.20.2 and more Source cves: CVE-2025-61765 Source advisory: OSV:GHSA-G8C6-8FJJ-2R4M...

6.4CVSS5.8AI score0.00446EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:55 p.m.8 views

EUVD-2025-32549

python-socketio vulnerable to arbitrary Python code execution RCE through malicious pickle deserialization in certain multi-server deployments...

6.4CVSS7.2AI score0.00446EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/10/06 4:51 p.m.2 views

abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +252 more potentially affected by CVE-2025-61765 via python-socketio (>=2.0.0 <=5.13.0)

python-socketio PYPI version =2.0.0, =1.0.0, =2.0.0, =2.1.0, =0.1.1, =0.1.2, =0.1.1, =1.0.0, =0.0.2, =4.0.4, =0.1.1, =4.1.0, =0.16.0, =0.20.2 and more Source cves: CVE-2025-61765 Source advisory: SNYK:PYTHON-PYTHONSOCKETIO-13450297...

6.4CVSS5.8AI score0.00446EPSS
Exploits0
OSV
OSV
added 2025/10/06 4:15 p.m.4 views

DEBIAN-CVE-2025-61765

python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...

6.4CVSS7.3AI score0.00446EPSS
Exploits0References1
Rows per page
Query Builder