GHSA-r38r-qp28-2m63
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r38r-qp28-2m63
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-r38r-qp28-2m63/GHSA-r38r-qp28-2m63.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-r38r-qp28-2m63
- Aliases
- Published
- 2018-07-26T16:08:49Z
- Modified
- 2024-10-21T22:17:59.624285Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Code injection in rope
- Details
-
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:53:34Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-502" ], "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-3539
- https://github.com/python-rope/rope/commit/b01da7aab5cd02129941d2a900e6e5e3b5f7d4fb
- https://bugzilla.redhat.com/show_bug.cgi?id=1116485
- https://github.com/pypa/advisory-database/tree/main/vulns/rope/PYSEC-2018-100.yaml
- https://github.com/python-rope/rope
- http://www.openwall.com/lists/oss-security/2015/02/07/1
Affected packages
PyPI / rope
Package
- Name
- rope
- View open source insights on deps.dev
- Purl
- pkg:pypi/rope
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.11.0
Affected versions
0.*
0.3m1
0.3m2
0.3m3
0.3m4
0.3m5
0.4m1
0.4m2
0.4m3
0.4m4
0.4m5
0.5m1
0.5m2
0.5m3
0.5m4
0.5m5
0.6m1
0.6m2
0.6m3
0.6m4
0.6m5
0.6m6
0.2RC
0.2pre2
0.2pre3
0.2pre4
0.2pre5
0.2
0.3rc1
0.3
0.4rc1
0.4
0.5rc1
0.5
0.6
0.6.1
0.6.2
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.8
0.8.1
0.8.2
0.8.3
0.8.4
0.9
0.9.1
0.9.2
0.9.3
0.9.4
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7