Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13Y3BjLWY2M2cteDI2cc10FQ

Py2Play Unpickles Untrusted Objects

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.

Permalink: https://github.com/advisories/GHSA-wcpc-f63g-x26q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13Y3BjLWY2M2cteDI2cc10FQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago


EPSS Percentage: 0.01838
EPSS Percentile: 0.88563

Identifiers: GHSA-wcpc-f63g-x26q, CVE-2005-2875
References:
Blast Radius: 0.0

Affected Packages

pypi:Py2Play
Dependent packages: 0
Dependent repositories: 1
Downloads: 30 last month
Affected Version Ranges: <= 0.1.8
No known fixed version
All affected versions: