HIGH 8.0
PYSEC-2025-68
상세
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://vuldb.com/?ctiid.313283 [ADVISORY]
- https://vuldb.com/?id.313283 [ADVISORY]
- https://vuldb.com/?submit.593099 [ADVISORY]
- https://github.com/Upsonic/Upsonic/issues/353 [EVIDENCE]
- https://github.com/Upsonic/Upsonic/issues/353 [REPORT]
- https://vuldb.com/?ctiid.313283 [WEB]
- https://vuldb.com/?id.313283 [WEB]
- https://vuldb.com/?submit.593099 [WEB]
- https://github.com/advisories/GHSA-rpfv-46xj-5984 [ADVISORY]