Submeter #593099: Upsonic <=v0.55.6 Deserializationinformação

Título	Upsonic <=v0.55.6 Deserialization
Descrição	When user is runing Upsonic, attacker via /tools/add_tool to achieve RCE by sending carefully crafted data. Because cloudpickle.loads(decoded_function) function is Unsafe Deserialization
Fonte	⚠️ https://github.com/Upsonic/Upsonic/issues/353
Utilizador	Anonymous User
Submissão	09/06/2025 10h56 (há 10 meses)
Moderação	19/06/2025 08h53 (10 days later)
Estado	Aceite
Entrada VulDB	313283 [Upsonic até 0.55.6 Pickle /tools/add_tool cloudpickle.loads Elevação de Privilégios]
Pontos	16

Want to stay up to date on a daily basis?

Enable the mail alert feature now!