CVE-2024-35515

Опубликовано: 18 сент. 2024

Источник: redhat

CVSS3: 5.3

Описание

Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.

A flaw was found in sqlitedict. An attacker may be able leverage an insecure deserialization vulnerability to execute arbitrary code.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux AI (RHEL AI)	rhelai1/bootc-nvidia-rhel9	Will not fix
Red Hat Enterprise Linux AI (RHEL AI)	rhelai1/instructlab-nvidia-rhel9	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-502

https://bugzilla.redhat.com/show_bug.cgi?id=2313352sqlitedict: arbitrary code execution via insecure deserialization

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-35515

CVSS3: 9.8

ubuntu

больше 1 года назад

Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.

CVE-2024-35515

CVSS3: 9.8

nvd

больше 1 года назад

Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.

CVE-2024-35515

CVSS3: 9.8

debian

больше 1 года назад

Insecure deserialization in sqlitedict up to v2.1.0 allows attackers t ...

GHSA-g4r7-86gm-pgqc

CVSS3: 8.8

github

больше 1 года назад

sqlitedict insecure deserialization vulnerability

5.3 Medium

CVSS3