Enviar #593099: Upsonic <=v0.55.6 Deserializationinformación

Título	Upsonic <=v0.55.6 Deserialization
Descripción	When user is runing Upsonic, attacker via /tools/add_tool to achieve RCE by sending carefully crafted data. Because cloudpickle.loads(decoded_function) function is Unsafe Deserialization
Fuente	⚠️ https://github.com/Upsonic/Upsonic/issues/353
Usuario	Anonymous User
Sumisión	2025-06-09 10:56 (hace 10 meses)
Moderación	2025-06-19 08:53 (10 days later)
Estado	Aceptado
Entrada de VulDB	313283 [Upsonic hasta 0.55.6 Pickle /tools/add_tool cloudpickle.loads escalada de privilegios]
Puntos	16

Do you need the next level of professionalism?

Upgrade your account now!