CVE Details
Basic Information
| Title | erdogant pypickle pypickle.py load deserialization |
|---|---|
| Type | cve |
| Published | 2025-05-26T07:00:12.974Z |
| Last Seen | |
Product Information
| Vendor | erdogant |
|---|---|
| Product | pypickle |
| Version | 1.1.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | Low (VC:L) |
| Integrity Impact | Low (VI:L) |
| Availability Impact | Low (VA:L) |
AI Analysis
| AI Description | A deserialization vulnerability exists in the `load` function of `pypickle.py` in erdogant pypickle versions up to 1.1.5. This allows an attacker with local access to execute arbitrary code by manipulating serialized data. The issue is addressed in version 2.0.0. |
|---|---|
| AI Severity | Medium |
| Vendor | erdogant |
| Product | pypickle |
| Affected Version | up to 1.1.5 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-502, CWE-20 |
| Bulletin Family | |
| Source Data | erdogant pypickle 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5 |
Source Information
| Source Link | |
|---|---|
Description
A vulnerability classified as problematic was found in erdogant pypickle up to version 1.1.5. It affects the function `load` in the file `pypickle/pypickle.py`: manipulated serialized input leads to deserialization of untrusted data (CWE-502). Local access is required to carry out this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 2.0.0 addresses this issue; the patch is identified as commit 14b4cae704a0bb4eb6723e238f25382d847a1917. Upgrading the affected component is recommended.