PYSEC-2020-216

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/beaker/PYSEC-2020-216.yaml

Aliases

CVE-2013-7489
GHSA-3cwm-7jmm-774w

Published

2020-06-26T20:15:00Z

Modified

2023-11-08T03:57:29.728434Z

Details

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.

References

https://github.com/bbangert/beaker/issues/191
https://bugzilla.redhat.com/show_bug.cgi?id=1850105
https://www.openwall.com/lists/oss-security/2020/05/14/11
https://github.com/advisories/GHSA-3cwm-7jmm-774w

Affected packages

PyPI / beaker

Package

Name: beaker

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Affected versions

0.*

0.5

0.6

0.6.1

0.6.2

0.6.3

0.7

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.8

0.8.1

0.9

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

1.*

1.0

1.0.1

1.0.2

1.0.3

1.1

1.1.1

1.1.2

1.1.3

1.2

1.2.1

1.2.2

1.2.3

1.3

1.3.1dev

1.3.1

1.4

1.4.1

1.4.2

1.4.3

1.5

1.5.1

1.5.2

1.5.3

1.5.4

1.6

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.5.post1

1.7.0dev

1.7.0

1.8.0

1.8.1

1.9.0

1.9.1

1.10.0

1.10.1

1.11.0

1.12.0

1.12.1