Lucene search
GoogleOSV:GHSA-VRCF-G539-X6H3HistoryNov 20, 2019 - 1:37 a.m.
Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
2019-11-2001:37:13
Google
osv.dev
8
0.006 Low
EPSS
Percentile
77.7%
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rediswrapper | eq | 0.1.0 | |
| rediswrapper | eq | 0.2.0 | |
| rediswrapper | eq | 0.2.1 |
References
github.com/frostming/rediswrapper
github.com/frostming/rediswrapper/commit/748f60bafd857c24f65683426f665350e2c3f91b
github.com/frostming/rediswrapper/compare/v0.2.1...v0.3.0
github.com/frostming/rediswrapper/pull/1
github.com/frostming/rediswrapper/releases/tag/v0.3.0
nvd.nist.gov/vuln/detail/CVE-2019-17206
Related
veracode
veracode
Arbitrary Code Execution
2019-10-07 03:02:58
cvelist
cvelist
CVE-2019-17206
2019-10-05 22:01:24
osv
osv
CVE-2019-17206
2019-10-05 23:15:10
PYSEC-2019-116
2019-10-05 23:15:00
cve
cve
CVE-2019-17206
2019-10-05 23:15:10
nvd
nvd
CVE-2019-17206
2019-10-05 23:15:10
github
github
prion
prion
Deserialization of untrusted data
2019-10-05 23:15:00