CRITICAL 9.8

PYSEC-2026-557

Salesforce Uni2TS has a Code Injection vulnerability

상세

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / uni2ts

최초 영향 버전: 0 수정 버전: 2.0.0

수정 pip install --upgrade 'uni2ts>=2.0.0'

참고

https://nvd.nist.gov/vuln/detail/CVE-2026-22584 [ADVISORY]
https://github.com/SalesforceAIResearch/uni2ts/pull/218 [WEB]
https://github.com/SalesforceAIResearch/uni2ts/commit/7f2d51dd729de018f0f22504f39a8475c6fed1c4 [WEB]
https://github.com/SalesforceAIResearch/uni2ts [PACKAGE]
https://github.com/SalesforceAIResearch/uni2ts/releases/tag/2.0.0 [WEB]
https://help.salesforce.com/s/articleView?id=005239354&type=1 [WEB]
https://pypi.org/project/uni2ts [PACKAGE]
https://github.com/advisories/GHSA-7x99-8x99-xc54 [ADVISORY]