Description
Skops unsafe deserialization
Deserialization of untrusted data can occur in versions 0.6 or newer of the skops Python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.
Packages
Name: skops (pip)
Affected versions: >= 0.6, <= 0.9
Fixed version: None
Related vulnerabilities
CVSS3: 7.8
nvd
more than 1 year ago
Deserialization of untrusted data can occur in versions 0.6 or newer of the skops Python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.