28 matches found
GHSA-5W7Q-77MV-V69F python-socketio: Binary attachment accumulation can cause denial of service
Impact The python-socketio server stores binary EVENT and ACK messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of its...
ROS-20260216-73-0004
Vulnerability in python-socketio related to a flaw in the deserialization mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Fedora: Security Advisory (FEDORA-2025-3673a159a9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:3780-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-python-socketio (SUSE-SU-2025:3780-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3780-1 advisory. - CVE-2025-61765: fixed by using json, rather than pickle for serialization bsc1251193 Tenable has...
Fedora 43 : python-socketio (2025-3673a159a9)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3673a159a9 advisory. Release 5.14.2 - 2025-10-15 - Restore binary message support in message queue setups - Fix formatting of client connection error ---- Release 5.14.1 -...
SUSE-SU-2025:3780-1 Security update for python-python-socketio
This update for python-python-socketio fixes the following issues: - CVE-2025-61765: fixed by using json, rather than pickle for serialization bsc1251193...
Remote Code Execution
python-socketio is vulnerable to Remote Code Execution. The vulnerability is due to insecure deserialization using pickle library, due to servers trusting and calling pickle.loads on inter-server message-queue payloads, This allowing an attacker with access to the message queue to send a crafted...
Fedora: Security Advisory (FEDORA-2025-96c38634c7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 42 Update: python-socketio-5.14.1-1.fc42
Socket.IO is a transport protocol that enables real-time bidirectional event-based communication between clients typically, though not always, web browsers and a server. The official implementations of the client and server components are written in JavaScript. This package provides Python...
Fedora 42 : python-socketio (2025-96c38634c7)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-96c38634c7 advisory. Release 5.14.1 - 2025-10-02 - Restore support for rediss:// URLs, and add support for valkeys:// as well - Add support for Redis connections using unix socke...
OPENSUSE-SU-2025:15613-1 python311-python-socketio-5.14.1-1.1 on GA media
These are all security issues fixed in the python311-python-socketio-5.14.1-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2025-61765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior ...
SUSE CVE-2025-61765
python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...
GHSA-G8C6-8FJJ-2R4M python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
Summary A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use...
abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +252 more potentially affected by CVE-2025-61765 via python-socketio (>=2.0.0 <=5.13.0)
python-socketio PYPI version =2.0.0, =1.0.0, =2.0.0, =2.1.0, =0.1.1, =0.1.2, =0.1.1, =1.0.0, =0.0.2, =4.0.4, =0.1.1, =4.1.0, =0.16.0, =0.20.2 and more Source cves: CVE-2025-61765 Source advisory: OSV:GHSA-G8C6-8FJJ-2R4M...
EUVD-2025-32549
python-socketio vulnerable to arbitrary Python code execution RCE through malicious pickle deserialization in certain multi-server deployments...
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
Summary A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use...
abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +252 more potentially affected by CVE-2025-61765 via python-socketio (>=2.0.0 <=5.13.0)
python-socketio PYPI version =2.0.0, =1.0.0, =2.0.0, =2.1.0, =0.1.1, =0.1.2, =0.1.1, =1.0.0, =0.0.2, =4.0.4, =0.1.1, =4.1.0, =0.16.0, =0.20.2 and more Source cves: CVE-2025-61765 Source advisory: SNYK:PYTHON-PYTHONSOCKETIO-13450297...
DEBIAN-CVE-2025-61765
python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...