Count: 7
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-g8c6-8fjj-2r4m: python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments | CVSS3: 6.4 | 1% Low | 6 months ago |
| CVE-2025-61765: python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use for internal communications. When Socket.IO servers are configured to use a message queue backend such as Redis for inter-server communication, messages sent between the servers are encoded using the `pickle` Python module. When a server receives one of these messages through the message queue, it assumes it is trusted and immediately deserializes it. The vulnerability stems from deserialization of messages using Python's `pickle.loads()` function. Having previously obtained access to the message queue, the attacker can send a python-socketio server a crafted pickle payload that executes arbitrary code during de... | CVSS3: 6.4 | 1% Low | 6 months ago |
| CVE-2025-61765: python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use for internal communications. When Socket.IO servers are configured to use a message queue backend such as Redis for inter-server communication, messages sent between the servers are encoded using the `pickle` Python module. When a server receives one of these messages through the message queue, it assumes it is trusted and immediately deserializes it. The vulnerability stems from deserialization of messages using Python's `pickle.loads()` function. Having previously obtained access to the message queue, the attacker can send a python-socketio server a crafted pickle payload that executes arbitrary code during deser | CVSS3: 6.4 | 1% Low | 6 months ago |
| CVE-2025-61765: python-socketio is a Python implementation of the Socket.IO realtime c ... | CVSS3: 6.4 | 1% Low | 6 months ago |
| SUSE-SU-2025:3780-1: Security update for python-python-socketio | | 1% Low | 6 months ago |
| BDU:2026-03615: Vulnerability in the python-socketio library related to flaws in the deserialization mechanism, allowing an attacker to execute arbitrary code | CVSS3: 6.4 | 1% Low | 6 months ago |
| ROS-20260216-73-0004: python-socketio vulnerability | CVSS3: 6.4 | 1% Low | about 2 months ago |