Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-3957

Опубликовано: 06 фев. 2018
Источник: ubuntu
Приоритет: medium
CVSS2: 7.5
CVSS3: 9.8

Описание

The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.

РелизСтатусПримечание
artful

ignored

end of life
bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

esm-apps/xenial

released

2.12.3-1ubuntu0.1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [code not present]]
precise/esm

DNE

trusty

not-affected

code not present
trusty/esm

DNE

trusty was not-affected [code not present]

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2016-3957

CVSS3: 9.8
nvd
около 8 лет назад

The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.

debian логотип

CVE-2016-3957

CVSS3: 9.8
debian
около 8 лет назад

The secure_load function in gluon/utils.py in web2py before 2.14.2 use ...

github логотип

GHSA-p6rg-cchx-f5x4

CVSS3: 9.8
github
больше 3 лет назад

The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.

7.5 High

CVSS2

9.8 Critical

CVSS3