Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13Y3BjLWY2M2cteDI2cc10FQ
Py2Play Unpickles Untrusted Objects
Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.
Permalink: https://github.com/advisories/GHSA-wcpc-f63g-x26q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13Y3BjLWY2M2cteDI2cc10FQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
EPSS Percentage: 0.01838
EPSS Percentile: 0.88563
Identifiers: GHSA-wcpc-f63g-x26q, CVE-2005-2875
References:
- https://nvd.nist.gov/vuln/detail/CVE-2005-2875
- https://bugs.gentoo.org/show_bug.cgi?id=103524
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976
- http://www.debian.org/security/2005/dsa-856
- http://www.gentoo.org/security/en/glsa/glsa-200509-09.xml
- https://web.archive.org/web/20040824010038/http://home.gna.org/oomadness/fr/slune/index.html
- https://web.archive.org/web/20050213041706/http://soya.literati.org/
- https://web.archive.org/web/20161225000907/http://www.securityfocus.com/bid/14864
- https://github.com/advisories/GHSA-wcpc-f63g-x26q
Affected Packages
pypi:Py2Play
Dependent packages: 0
Dependent repositories: 1
Downloads: 30 last month
Affected Version Ranges: <= 0.1.8
No known fixed version
All affected versions: