—
PYSEC-2026-742
Py2Play Unpickles Untrusted Objects
Details
Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / py2play
Introduced in:
0 No fixed version published yet for py2play (pip). Pin to a known-safe version or switch to an alternative.
References
- https://nvd.nist.gov/vuln/detail/CVE-2005-2875 [ADVISORY]
- https://bugs.gentoo.org/show_bug.cgi?id=103524 [WEB]
- https://web.archive.org/web/20040824010038/http://home.gna.org/oomadness/fr/slune/index.html [WEB]
- https://web.archive.org/web/20050213041706/http://soya.literati.org [WEB]
- https://web.archive.org/web/20161225000907/http://www.securityfocus.com/bid/14864 [WEB]
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976 [WEB]
- http://www.debian.org/security/2005/dsa-856 [WEB]
- http://www.gentoo.org/security/en/glsa/glsa-200509-09.xml [WEB]
- https://pypi.org/project/py2play [PACKAGE]
- https://github.com/advisories/GHSA-wcpc-f63g-x26q [ADVISORY]