VYPR

CWE-502

Deserialization of Untrusted Data

Base · Draft · Likelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

  • CVE-2005-2875 (Sep 13, 2005)
    risk 0.00 cvss epss 0.02

    Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.