Súbít #593099: Upsonic <=v0.55.6 Deserializationbayani

KuraUpsonic <=v0.55.6 Deserialization
GaskiyaWhen user is runing Upsonic, attacker via /tools/add_tool to achieve RCE by sending carefully crafted data. Because cloudpickle.loads(decoded_function) function is Unsafe Deserialization
Manga⚠️ https://github.com/Upsonic/Upsonic/issues/353
Màdùmga
 Anonymous User
Furta06/09/2025 10:56 (8 Wurɗi 전)
Gargajiya06/19/2025 08:53 (10 days later)
HalittaShingilam
VulDB gite313283 [Upsonic har 0.55.6 Pickle /tools/add_tool cloudpickle.loads kura hakki ndiyam]
Nganji16

GurɗoGumtiGada

Do you want to use VulDB in your project?

Use the official API to access entries easily!