4 matches found
Command Injection
Overview rubyipmi is a Controls IPMI devices via command line wrapper for ipmitool and freeipmi Affected versions of this package are vulnerable to Command Injection via the username parameter in the BMC interface. An attacker can execute arbitrary system commands by supplying a specially crafted...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the url parameter in the /api/images/cache endpoint. An attacker can cause the server to download arbitrary content by supplying a crafted URL. This is only exploitable if the attacker is an...
Deserialization of Untrusted Data
Overview skops is an A set of tools to push scikit-learn based models to and pull from Hugging Face Hub Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getmodel function due to insecure pickle loading. An attacker can execute arbitrary code by supplyi...
PT-2025-32333
Name of the Vulnerable Software and Affected Versions skops versions 0.12.0 and below skops versions prior to 0.13.0 Description The Card.get model function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both joblib and skops for model...