CNNVD-202508-755 Information

CNNVD ID

CNNVD-202508-755

CVE-2025-54886

  • CNNVD Published: 2025-08-08

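Description (translated from Chinese)

Skops is a Python library from the Skops project that helps share scikit-learn based models and put them into production. Skops 0.12.0 and earlier versions contain a code issue vulnerability, which stems from the Card.get_model function not preventing arbitrary code execution and may lead to security risks.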

Description (English)

Skops is a Python library from the Skops project that helps share scikit-learn based models and put them into production. Skops 0.12.0 and earlier versions have a code issue vulnerability, which stems from the fact that the Card.get_model function does not prevent arbitrary code execution, which could lead to security risks.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

Skops

Published

2025-08-08

Last Modified

2026-02-24

References

https://github.com/skops-dev/skops/commit/29d61ea8a92f2bde6830e8f32cc72a1a87211cda

https://github.com/skops-dev/skops/security/advisories/GHSA-378x-6p4f-8jgm

Patch

https://github.com/skops-dev/skops/releases
