Skip to content

Commit 4987d2c

Browse files
1 parent fce1a67 commit 4987d2c

1 file changed

Lines changed: 19 additions & 3 deletions

File tree

advisories/github-reviewed/2022/05/GHSA-9fq2-x9r6-wfmf/GHSA-9fq2-x9r6-wfmf.json

Lines changed: 19 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-9fq2-x9r6-wfmf",
4-
"modified": "2024-10-08T12:38:39Z",
4+
"modified": "2026-07-06T15:24:13Z",
55
"published": "2022-05-24T22:00:57Z",
66
"aliases": [
77
"CVE-2019-6446"
88
],
99
"summary": "Numpy Deserialization of Untrusted Data",
10-
"details": "** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
10+
"details": "** DISPUTED ** An issue was discovered in NumPy 1.16.2 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.",
1111
"severity": [
1212
{
1313
"type": "CVSS_V3",
@@ -32,7 +32,7 @@
3232
"introduced": "0"
3333
},
3434
{
35-
"last_affected": "1.16.0"
35+
"fixed": "1.16.3"
3636
}
3737
]
3838
}
@@ -52,6 +52,14 @@
5252
"type": "WEB",
5353
"url": "https://github.com/numpy/numpy/pull/12889"
5454
},
55+
{
56+
"type": "WEB",
57+
"url": "https://github.com/numpy/numpy/pull/13359"
58+
},
59+
{
60+
"type": "WEB",
61+
"url": "https://github.com/numpy/numpy/commit/89b688732b37616c9d26623f81aaee1703c30ffb"
62+
},
5563
{
5664
"type": "WEB",
5765
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
@@ -64,6 +72,10 @@
6472
"type": "WEB",
6573
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1122208"
6674
},
75+
{
76+
"type": "ADVISORY",
77+
"url": "https://github.com/advisories/GHSA-9fq2-x9r6-wfmf"
78+
},
6779
{
6880
"type": "PACKAGE",
6981
"url": "https://github.com/numpy/numpy"
@@ -95,6 +107,10 @@
95107
{
96108
"type": "WEB",
97109
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html"
110+
},
111+
{
112+
"type": "WEB",
113+
"url": "http://www.securityfocus.com/bid/106670"
98114
}
99115
],
100116
"database_specific": {

0 commit comments

Comments
 (0)