GHSA-wcpc-f63g-x26q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wcpc-f63g-x26q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wcpc-f63g-x26q/GHSA-wcpc-f63g-x26q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wcpc-f63g-x26q
- Aliases
-
- CVE-2005-2875
- Published
- 2022-05-01T02:12:26Z
- Modified
- 2023-11-08T03:56:45.872465Z
- Summary
- Py2Play Unpickles Untrusted Objects
- Details
-
Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.
- Database specific
{ "nvd_published_at": "2005-09-13T23:03:00Z", "cwe_ids": [ "CWE-502" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-09-18T23:41:06Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2005-2875
- https://bugs.gentoo.org/show_bug.cgi?id=103524
- https://web.archive.org/web/20040824010038/http://home.gna.org/oomadness/fr/slune/index.html
- https://web.archive.org/web/20050213041706/http://soya.literati.org
- https://web.archive.org/web/20161225000907/http://www.securityfocus.com/bid/14864
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976
- http://www.debian.org/security/2005/dsa-856
- http://www.gentoo.org/security/en/glsa/glsa-200509-09.xml
Affected packages
PyPI / py2play
Package
- Name
- py2play
- View open source insights on deps.dev
- Purl
- pkg:pypi/py2play