Remote Code Execution (RCE)

2018-08-2902:36:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

67.9%

JSON

conference-scheduler-cli is vulnerable to remote code execution (RCE) attacks. The library does not properly handle the deserialization of .pickle files, allowing a malicious user to inject and execute arbitrary code through it.

CPENameOperatorVersion
conference-scheduler-clile0.10.1

CPE	Name	Operator	Version
	conference-scheduler-cli	le	0.10.1

References

github.com/PyconUK/ConferenceScheduler-cli/blob/98dc383cc8e5a013eefa5fdec918f1c5600bc4c6/src/scheduler/io.py#L72

github.com/PyconUK/ConferenceScheduler-cli/issues/19

joel-malwarebenchmark.github.io/blog/2020/04/25/cve-2018-14572-conference-scheduler-cli/

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for VERACODE:7371