An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources
References
Configurations
History
07 Nov 2023, 03:13
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources |
Information
Published : 2019-01-16 05:29
Updated : 2024-04-11 01:05
NVD link : CVE-2019-6446
Mitre link : CVE-2019-6446
CVE.ORG link : CVE-2019-6446
JSON object : View
Products Affected
numpy
- numpy
fedoraproject
- fedora
CWE
CWE-502
Deserialization of Untrusted Data