rpm package
opensuse/python-jsonpath-ng&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-jsonpath-ng&distro=openSUSE%20Tumbleweed
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-56005 | — | < 1.8.0-1.1 | 1.8.0-1.1 | Jan 20, 2026 | An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pic |
- CVE-2025-56005Jan 20, 2026affected < 1.8.0-1.1fixed 1.8.0-1.1
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because `pic