52 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-47952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSO...
SUSE CVE-2021-47952
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
CVE-2021-47952
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
EUVD-2021-34842
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
CVE-2021-47952 python jsonpickle 2.0.0 Remote Code Execution via py/repr
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
CVE-2021-47952
CVE-2021-47952 affects python jsonpickle 2.0.0 and describes a remote code execution vulnerability through deserialization of JSON payloads containing py/repr objects. The attack leverages directives that invoke eval during deserialization to execute system commands and arbitrary code, with high-...
CVE-2021-47952
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...
PT-2026-41450
Name of the Vulnerable Software and Affected Versions jsonpickle version 2.0.0 Description An issue exists where attackers can execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. This occurs because crafted JSON strings with py/repr directives ca...
Jsonpickle 代码注入漏洞
Jsonpickle is a software developed by the individual who created Jsonpickle, designed for Python to serialize Python objects into JSON format. Version 2.0.0 of jsonpickle contains a code injection vulnerability. This vulnerability stems from deserialization issues, allowing attackers to execute...
MiracleLinux 7 : python-2.7.5-92.0.1.el7.AXS7 (AXSA:2022-3427:14)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3427:14 advisory. python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 python-urllib3: CRLF injection via HTTP request method...
MAL-2025-83577 Malicious code in bella-empal59-apidev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9748c5a0d340e3abba80042e74c79ca788f433b118cfa032228d4d473839cccb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2019-0020
Malware in sbrugna...
BIT-LIBPYTHON-2021-3177
Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to cdouble.fromparam. This occurs because sprintf is...
GHSA-74R5-G7VC-J2V2 zerovec-derive incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
zerovec incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
GHSA-XRV3-JMCP-374J zerovec incorrectly uses `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
RUSTSEC-2024-0347 Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that reprpacked has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 1.80.0-beta starts reordering fields of reprpacked structs, leading to illegal...
SUSE CVE-2006-4980
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts...
python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack an...
GHSA-HFXP-P695-629X abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...