PYSEC-2018-100
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/rope/PYSEC-2018-100.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2018-100
- Aliases
- Published
- 2018-04-06T16:29:00Z
- Modified
- 2023-11-01T04:45:36.397575Z
- Summary
- [none]
- Details
-
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
- References
Affected packages
PyPI / rope
Package
- Name
- rope
- View open source insights on deps.dev
- Purl
- pkg:pypi/rope
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.11.0
Affected versions
0.*
0.3m1
0.3m2
0.3m3
0.3m4
0.3m5
0.4m1
0.4m2
0.4m3
0.4m4
0.4m5
0.5m1
0.5m2
0.5m3
0.5m4
0.5m5
0.6m1
0.6m2
0.6m3
0.6m4
0.6m5
0.6m6
0.2RC
0.2pre2
0.2pre3
0.2pre4
0.2pre5
0.2
0.3rc1
0.3
0.4rc1
0.4
0.5rc1
0.5
0.6
0.6.1
0.6.2
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.8
0.8.1
0.8.2
0.8.3
0.8.4
0.9
0.9.1
0.9.2
0.9.3
0.9.4
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7