Lucene search
K

9 matches found

NVD
NVD
added 2026/03/20 9:17 p.m.7 views

CVE-2026-33155

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...

8.7CVSS0.00452EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:25 p.m.4 views

CVE-2026-33155

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...

8.7CVSS5.8AI score0.00452EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/20 8:25 p.m.26 views

CVE-2026-33155 DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...

8.7CVSS0.00452EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 8:25 p.m.5 views

CVE-2026-33155 DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...

8.7CVSS5.8AI score0.00452EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 8:25 p.m.13 views

CVE-2026-33155

CVE-2026-33155 affects the Python DeepDiff project. The vulnerability lies in the pickle unpickler _RestrictedUnpickler (versions 5.0.0–before 8.6.2) not constraining constructor arguments for certain SAFE_TO_IMPORT types (e.g., builtins.bytes, builtins.list, builtins.range). A 40-byte pickle pay...

8.7CVSS5.8AI score0.00452EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/18 8:10 p.m.7 views

GHSA-54JJ-PX8X-5W5Q DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

Summary The pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have constructors that allocate memory proportional to their input builtins.bytes, builtins.list, builtins.range. A 40-byte...

8.7CVSS7.7AI score0.00452EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/18 8:10 p.m.6 views

DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

Summary The pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have constructors that allocate memory proportional to their input builtins.bytes, builtins.list, builtins.range. A 40-byte...

8.7CVSS8AI score0.00452EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/10/03 5:1 a.m.6 views

Insecure Deserialization

DeepDiff is vulnerable to insecure deserialization.The vulnerability is due to class pollution via the Delta class constructor which, when combined with a gadget in DeltaDiff, allows an attacker to modify deepdiff.serialization.SAFETOIMPORT and trigger insecure Pickle deserialization through Delt...

10CVSS7.9AI score0.01056EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/09/03 10:25 p.m.1 views

GHSA-MW26-5G2V-HQW3 DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more

Summary Python class pollution is a novel vulnerability categorized under CWE-915. The Delta class is vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it can lead to Denial of Service and Remote Code Execution via insecure Pickle...

10CVSS7.8AI score0.01056EPSS
Exploits0References7
Rows per page
Query Builder