Количество 2
Количество 2
CVE-2025-58757
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()` . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.
GHSA-p8cm-mm2v-gwjm
Monai: Unsafe use of Pickle deserialization may lead to RCE
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-58757 MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()` . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available. | CVSS3: 8.8 | 0% Низкий | 5 месяцев назад |
| GHSA-p8cm-mm2v-gwjm Monai: Unsafe use of Pickle deserialization may lead to RCE | CVSS3: 8.8 | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу