PYSEC-2018-64

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/conference-scheduler-cli/PYSEC-2018-64.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2018-64

Aliases

Published

2018-08-28T19:29:00Z

Modified

2023-11-01T04:48:59.562293Z

Summary

[none]

Details

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

References

Affected packages

PyPI / conference-scheduler-cli

Package

Name: conference-scheduler-cli; View open source insights on deps.dev
Purl: pkg:pypi/conference-scheduler-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.3.1

0.4.0

0.4.1

0.5.0

0.6.0

0.7.0

0.7.1

0.7.2

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.9.0

0.9.1

0.10.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/conference-scheduler-cli/PYSEC-2018-64.yaml"