Lucene search
+L

9 matches found

Cvelist
Cvelist
added 2025/08/08 12:3 a.m.15 views

CVE-2025-54886 skops: Card.get_model does not block arbitrary code execution

skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.getmodel does not contain any logic to prevent arbitrary code execution. The Card.getmodel function supports both joblib and skops for model loading. When loading...

8.4CVSS0.00212EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/08/07 4:42 p.m.6 views

aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54886 via skops (>=0.10.0 <=0.11.0)

skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54886 Source advisory: SNYK:PYTHON-SKOPS-11509790...

8.4CVSS5.8AI score0.00212EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.11 views

PT-2025-32333

Name of the Vulnerable Software and Affected Versions skops versions 0.12.0 and below skops versions prior to 0.13.0 Description The Card.get model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for model...

8.4CVSS6.5AI score0.00212EPSS
Exploits0References14
Veracode
Veracode
added 2025/08/05 1:40 p.m.6 views

Arbitrary Code Execution

skops is vulnerable to Arbitrary Code Execution. The vulnerability is due to exploitation of the MethodNode class, which allows unexpected attribute access via dot notation during model loading...

8.7CVSS6.2AI score0.00138EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2025/07/26 4:16 a.m.70 views

CVE-2025-54412

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...

8.7CVSS0.00137EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/26 3:29 a.m.12 views

CVE-2025-54413 skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at loa...

8.7CVSS0.00138EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2025/07/25 7:21 p.m.17 views

aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54413 via skops (>=0.10.0 <=0.11.0)

skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54413 Source advisory: OSV:GHSA-4V6W-XPMH-GFGP...

8.7CVSS5.8AI score0.00138EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/07/25 7:17 p.m.3 views

aioradio (=0.20.24), aisquared (>=0.2.2.dev0 <=0.2.2.dev9) +20 more potentially affected by CVE-2025-54412 +1 more via skops (>=0.10.0 <=0.11.0)

skops PYPI version =0.10.0, =0.2.2.dev0, =23.10.1, =23.8.0, =0.5.1, =1.2.15, =1.5.0, =0.4.0, =0.1.0, =1.5.0, =1.6.1 - prompt-protect =0.1.0 and more Source cves: CVE-2025-54412, CVE-2025-54413 Source advisory: OSV:GHSA-M7F4-HRC6-FWG3...

8.7CVSS5.8AI score0.00138EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.12 views

PT-2025-30943

Vulnerability Summary Name of the Vulnerable Software and Affected Versions skops versions 0.11.0 and below Description skops is a Python library used for sharing and shipping scikit-learn based models. An inconsistency in the OperatorFuncNode allows exploitation to hide the execution of untruste...

8.7CVSS6.6AI score0.00137EPSS
Exploits0References15
Rows per page
Query Builder