3 matches found
Deserialization of Untrusted Data
Overview python-socketio is a Socket.IO server and client for Python Affected versions of this package are vulnerable to Deserialization of Untrusted Data via payloads that are passed between Socket.IO processes in multi-server deployments. An attacker can execute arbitrary code by sending a...
CVE-2025-61765 python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...
CVE-2025-61765
python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...