CNNVD-202507-3366 Information
CNNVD ID
CNNVD-202507-3366
Related CVE
- CNNVD Published: 2025-07-26
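Description (translated from Chinese)
Skops is a Python library from the Skops project that helps share scikit-learn-based models and put them into production. Skops 0.11.0 and earlier versions contain a security vulnerability that stems from a MethodNode inconsistency and may lead to arbitrary code execution.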
Description (English)
Skops is a Python library of the Skops project that helps share models based on scikit-learn and put them into production. Skops 0.11.0 and earlier versions have a security vulnerability that stems from an inconsistency in MethodNode and may lead to arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Skops
Published
2025-07-26
Last Modified
2026-02-24
References
https://drive.google.com/drive/folders/1bmVV18mnPbWy21hVYgf51yVJpf78vtB_?usp=sharing
https://github.com/skops-dev/skops/commit/0aeca055509dfb48c1506870aabdd9e247adf603
https://github.com/skops-dev/skops/releases/tag/v0.12.0
https://github.com/skops-dev/skops/security/advisories/GHSA-4v6w-xpmh-gfgp
https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3
Patch
https://github.com/skops-dev/skops/releases