Description
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| rope | fixed | 0.10.3-1 | | package |
| rope | no-dsa | | jessie | package |
| rope | no-dsa | | squeeze | package |
| rope | no-dsa | | wheezy | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=1116485
https://github.com/python-rope/rope/issues/105
0.10.3-1 only adds a mitigation for the issue, so not completely fixed.
Still mark it as fixed in this version because patch limits socket
connections to localhost only.
EPSS
Percentile: 83%
0.01983
Low
Related vulnerabilities
CVSS3: 9.8
ubuntu
almost 8 years ago
CVSS3: 9.8
nvd
almost 8 years ago