Lucene search
K

5 matches found

OSV
OSV
added 2026/05/28 8:2 p.m.8 views

GHSA-X6P3-76F2-XXVH Shamefile has an arbitrary file read via shamefile.yaml in shame next

Impact A path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. Patches Fixed in 0.1.7. Upgrade to...

5.5CVSS5.8AI score0.00013EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/09 9:12 p.m.2 views

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unsafeimports function. An attacker can execute arbitrary code by supplying a malicious pickle that imports dangerous...

9.3CVSS8AI score0.00554EPSS
Exploits1References3
Snyk
Snyk
added 2026/01/09 9:5 p.m.2 views

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker can execute arbitrary code by supplying a malicious pickle payload that uses the pydoc and ctypes modules to bypass...

9.3CVSS7.7AI score0.00346EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/09 9:4 p.m.3 views

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the cProfile.run process. An attacker can execute arbitrary code by supplying a malicious pickle file that bypasses checks and...

9.3CVSS7.7AI score0.0044EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.4 views

PT-2026-2227

Name of the Vulnerable Software and Affected Versions Fickling versions up to and including 0.1.6 Description Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing the cProfile.run function as SUSPICIOUS instead of OVERTLY MALICIOUS. This...

9.3CVSS7.1AI score0.0044EPSS
Exploits1References23
Rows per page
Query Builder