CVE-2026-2970

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-2970
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2970.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2970
Aliases
Published
2026-02-23T05:16:20.400Z
Modified
2026-04-02T13:23:03.404815Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/datapizza-labs/datapizza-ai

Affected ranges

Type
GIT
Repo
https://github.com/datapizza-labs/datapizza-ai
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
77843833dc64ebb8a9219d94ee1dc43fe31872a5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.0.2"
        }
    ]
}

Affected versions

v0.*
v0.0.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2970.json"