CVE-2019-6446

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-6446
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6446.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6446
Aliases
Related
Withdrawn
2019-11-06T00:07:55Z
Published
2019-01-16T05:29:01Z
Modified
2023-11-28T17:50:43.779651Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources

References

Affected packages

Git / github.com/numpy/numpy

Affected ranges

Type
GIT
Repo
https://github.com/numpy/numpy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

pre-removal-numpybook
with_maskna

v0.*

v0.2.2
v0.3.0

v1.*

v1.16.0
v1.16.0rc1
v1.16.0rc2