PYSEC-2020-73
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pandas/PYSEC-2020-73.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2020-73
- Aliases
- Published
- 2020-05-15T19:15:00Z
- Modified
- 2023-11-08T04:02:12.263851Z
- Summary
- [none]
- Details
-
* DISPUTED * pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the readpickle() function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the readpickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.
- References
Affected packages
PyPI / pandas
Package
- Name
- pandas
- View open source insights on deps.dev
- Purl
- pkg:pypi/pandas
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.4
Affected versions
0.*
0.1
0.2beta
0.2b1
0.2
0.3.0.beta
0.3.0.beta2
0.3.0
0.4.0
0.4.1
0.4.2
0.4.3
0.5.0
0.6.0
0.6.1
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0rc1
0.8.0rc2
0.8.0
0.8.1
0.9.0
0.9.1
0.10.0
0.10.1
0.11.0
0.12.0
0.13.0
0.13.1
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.16.2
0.17.0
0.17.1
0.18.0
0.18.1
0.19.0rc1
0.19.0
0.19.1
0.19.2
0.20.0rc1
0.20.0
0.20.1
0.20.2
0.20.3
0.21.0rc1
0.21.0
0.21.1
0.22.0
0.23.0rc2
0.23.0
0.23.1
0.23.2
0.23.3
0.23.4
0.24.0rc1
0.24.0
0.24.1
0.24.2
0.25.0rc0
0.25.0
0.25.1
0.25.2
0.25.3
1.*
1.0.0rc0
1.0.0
1.0.1
1.0.2
1.0.3