Submission #593099: Upsonic <=v0.55.6 Deserialization
| Title | Upsonic <=v0.55.6 Deserialization |
|---|---|
| Description | When a user is running Upsonic, an attacker can achieve RCE via /tools/add_tool by sending carefully crafted data, because the cloudpickle.loads(decoded_function) call is unsafe deserialization. |
| Source | ⚠️ https:/ |
| User | Anonymous User |
| Submitted | 2025-06-09 10:56 AM (10 months ago) |
| Moderation | 2025-06-19 08:53 AM (10 days later) |
| Status | Accepted |
| VulDB entry | 313283 [Upsonic up to 0.55.6 Pickle /tools/add_tool cloudpickle.loads privilege escalation] |
| Points | 16 |