Vulnerability Details CVE-2014-0485
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.debian.org/security/2014/dsa-3013
- http://www.openwall.com/lists/oss-security/2014/08/28/3
- https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8
- http://www.debian.org/security/2014/dsa-3013
- http://www.openwall.com/lists/oss-security/2014/08/28/3
- https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8
Products affected by CVE-2014-0485
-
cpe:2.3:a:s3ql_project:s3ql:0.1
-
cpe:2.3:a:s3ql_project:s3ql:0.10
-
cpe:2.3:a:s3ql_project:s3ql:0.11
-
cpe:2.3:a:s3ql_project:s3ql:0.12
-
cpe:2.3:a:s3ql_project:s3ql:0.13
-
cpe:2.3:a:s3ql_project:s3ql:0.14
-
cpe:2.3:a:s3ql_project:s3ql:0.15
-
cpe:2.3:a:s3ql_project:s3ql:0.16
-
cpe:2.3:a:s3ql_project:s3ql:0.17
-
cpe:2.3:a:s3ql_project:s3ql:0.18
-
cpe:2.3:a:s3ql_project:s3ql:0.19
-
cpe:2.3:a:s3ql_project:s3ql:0.2
-
cpe:2.3:a:s3ql_project:s3ql:0.20
-
cpe:2.3:a:s3ql_project:s3ql:0.20.1
-
cpe:2.3:a:s3ql_project:s3ql:0.21
-
cpe:2.3:a:s3ql_project:s3ql:0.22
-
cpe:2.3:a:s3ql_project:s3ql:0.23
-
cpe:2.3:a:s3ql_project:s3ql:0.24
-
cpe:2.3:a:s3ql_project:s3ql:0.25
-
cpe:2.3:a:s3ql_project:s3ql:0.26
-
cpe:2.3:a:s3ql_project:s3ql:0.27
-
cpe:2.3:a:s3ql_project:s3ql:0.28
-
cpe:2.3:a:s3ql_project:s3ql:0.29
-
cpe:2.3:a:s3ql_project:s3ql:0.3
-
cpe:2.3:a:s3ql_project:s3ql:0.30
-
cpe:2.3:a:s3ql_project:s3ql:0.4
-
cpe:2.3:a:s3ql_project:s3ql:0.43
-
cpe:2.3:a:s3ql_project:s3ql:0.5
-
cpe:2.3:a:s3ql_project:s3ql:0.6
-
cpe:2.3:a:s3ql_project:s3ql:0.7
-
cpe:2.3:a:s3ql_project:s3ql:0.8
-
cpe:2.3:a:s3ql_project:s3ql:0.9
-
cpe:2.3:a:s3ql_project:s3ql:1.0
-
cpe:2.3:a:s3ql_project:s3ql:1.0.1
-
cpe:2.3:a:s3ql_project:s3ql:1.1
-
cpe:2.3:a:s3ql_project:s3ql:1.1.2
-
cpe:2.3:a:s3ql_project:s3ql:1.1.3
-
cpe:2.3:a:s3ql_project:s3ql:1.1.4
-
cpe:2.3:a:s3ql_project:s3ql:1.10
-
cpe:2.3:a:s3ql_project:s3ql:1.11
-
cpe:2.3:a:s3ql_project:s3ql:1.11.1
-
cpe:2.3:a:s3ql_project:s3ql:1.12
-
cpe:2.3:a:s3ql_project:s3ql:1.13
-
cpe:2.3:a:s3ql_project:s3ql:1.13.1
-
cpe:2.3:a:s3ql_project:s3ql:1.13.2
-
cpe:2.3:a:s3ql_project:s3ql:1.14
-
cpe:2.3:a:s3ql_project:s3ql:1.15
-
cpe:2.3:a:s3ql_project:s3ql:1.16
-
cpe:2.3:a:s3ql_project:s3ql:1.17
-
cpe:2.3:a:s3ql_project:s3ql:1.18
-
cpe:2.3:a:s3ql_project:s3ql:1.18.1
-
cpe:2.3:a:s3ql_project:s3ql:1.2
-
cpe:2.3:a:s3ql_project:s3ql:1.3
-
cpe:2.3:a:s3ql_project:s3ql:1.4
-
cpe:2.3:a:s3ql_project:s3ql:1.5
-
cpe:2.3:a:s3ql_project:s3ql:1.6
-
cpe:2.3:a:s3ql_project:s3ql:1.7
-
cpe:2.3:a:s3ql_project:s3ql:1.8
-
cpe:2.3:a:s3ql_project:s3ql:1.8.1
-
cpe:2.3:a:s3ql_project:s3ql:1.9