CNNVD-202510-202 Information
Oct 01, 2025
cve
CNNVD ID
CNNVD-202510-202
Related CVE
-
CNNVD Published
2025-10-01
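Description (translated from Chinese)
Apache Fory is a serialization framework from the Apache Foundation. Apache Fory contains a security vulnerability that stems from the use of the pickle fallback serializer when deserializing untrusted data, which may lead to arbitrary code execution. The following versions are affected: pyfory 0.12.0 through 0.12.2 and pyfury 0.1.0 through 0.10.3.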
Description (English)
Apache Fory is a serialization framework from the Apache Foundation. A security vulnerability exists in Apache Fory: when untrusted data is deserialized, the pickle fallback serializer is used, which can lead to arbitrary code execution. The following versions are affected: pyfory versions 0.12.0 to 0.12.2 and pyfury versions 0.1.0 to 0.10.3.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Apache
Published
2025-10-01
Last Modified
2026-02-24
References
https://lists.apache.org/thread/vfn9hp9qt06db5yo1gmj3l114o3o2csd
Patch
https://lists.apache.org/thread/vfn9hp9qt06db5yo1gmj3l114o3o2csd