CNNVD-202507-3365 Information

CNNVD ID

CNNVD-202507-3365

Related CVE

CVE-2025-54412

• CNNVD Published: 2025-07-26

Description (Chinese)

Skops是Skops项目的一个 Python 库，可帮助共享基于 scikit-learn 的模型并将其投入生产。 Skops 0.11.0及之前版本存在安全漏洞，该漏洞源于OperatorFuncNode不一致性，可能导致任意代码执行。

Description (English)

Skops is a Python library of the Skops project that helps share and put into production models based on scikit-learn. There is a security loophole in the Skops 0.11.0 and previous versions, which stems from the lack of consistency in the OperationFuncNode and may lead to arbitrary code enforcement.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Skops

Published

2025-07-26

Last Modified

2026-02-24

References

https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603 https://github.com/skops-dev/skops/releases/tag/v0.12.0 https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3

Patch

https://github.com/skops-dev/skops/releases