CVE Details
Basic Information
| Title | erdogant pypickle pypickle.py save improper authorization |
|---|---|
| Type | cve |
| Published | 2025-05-26T07:31:06.272Z |
| Last Seen | |
Product Information
| Vendor | erdogant |
|---|---|
| Product | pypickle |
| Version | 1.1.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Vector String | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical vulnerability in erdogant pypickle allows local attackers to bypass authorization checks, potentially leading to unauthorized access or data manipulation. The issue affects versions up to 1.1.5 and is fixed in version 2.0.0. |
|---|---|
| AI Severity | Medium |
| Vendor | erdogant |
| Product | pypickle |
| Affected Version | 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-285, CWE-266 |
| Bulletin Family | |
Source Information
| Source Data | erdogant pypickle 1.1.0, erdogant pypickle 1.1.1, erdogant pypickle 1.1.2, erdogant pypickle 1.1.3, erdogant pypickle 1.1.4, erdogant pypickle 1.1.5 |
|---|---|
| Source Link | |
Description
A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. It affects the function Save in the file pypickle/pypickle.py. Manipulation leads to improper authorization. The attack requires local access. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 addresses this issue. The patch is named 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component.
CVSS Score Summary
Base Score: 4.8 (MEDIUM)