GHSA-jm66-cg57-jjv5

Suggest an improvement
Source
https://github.com/advisories/GHSA-jm66-cg57-jjv5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-jm66-cg57-jjv5/GHSA-jm66-cg57-jjv5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jm66-cg57-jjv5
Aliases
Downstream
Related
Published
2026-01-13T21:31:44Z
Modified
2026-02-04T03:15:14.392514Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Azure Core is vulnerable to deserialization of untrusted data
Details

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.

Database specific 
{
    "nvd_published_at": "2026-01-13T19:16:23Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "github_reviewed_at": "2026-01-13T21:57:47Z",
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

PyPI / azure-core

Package

Name
azure-core
View open source insights on deps.dev
Purl
pkg:pypi/azure-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.38.0

Affected versions

1.*
1.0.0b1
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0
1.10.0
1.11.0
1.12.0b1
1.12.0
1.13.0b1
1.13.0
1.14.0b1
1.14.0
1.15.0b1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.19.1
1.20.0
1.20.1
1.21.0
1.21.1
1.22.0
1.22.1
1.23.0
1.23.1
1.24.0
1.24.1
1.24.2
1.25.0
1.25.1
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.27.0
1.27.1
1.28.0
1.29.0
1.29.1
1.29.2
1.29.3
1.29.4
1.29.5
1.29.6
1.29.7
1.30.0
1.30.1
1.30.2
1.31.0
1.32.0
1.33.0
1.34.0
1.35.0
1.35.1
1.36.0
1.37.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-jm66-cg57-jjv5/GHSA-jm66-cg57-jjv5.json"