VDB
EN
HIGH 7.2

PYSEC-2026-681

Unrestricted Upload of File with Dangerous Type in motionEye

상세

motionEye <= 0.42.1 and motioneEyeOS <= 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials.

The GitHub repositories for motionEye and motionEyeOS are no longer being actively maintained as of January 2022, so release of a patched version is unlikely. Keeping a motionEye or motionEyeOS installation off of the Internet and/or using strong credentials provide protection against this issue.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / motioneye
최초 영향 버전: 0

No fixed version published yet for motioneye (pip). Pin to a known-safe version or switch to an alternative.

참고