CNNVD-202510-755 Information
CNNVD ID
CNNVD-202510-755
Related CVE
-
CNNVD Published: 2025-10-06
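Description (Chinese, translated)
PyVista is an open-source Python library from PyVista for 3D plotting and mesh analysis. PyVista version 0.46.3 contains a code injection vulnerability caused by dependency confusion, which may lead to remote code execution and supply chain attacks.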
Description (English)
PyVista is a Python library for 3D plotting and mesh analysis, open-sourced by PyVista. Version 0.46.3 of PyVista has a code injection vulnerability, which stems from dependency confusion and may lead to remote code execution and supply chain attacks.
Hazard Level
Low
Vulnerability Type
Code injection
Affected Vendor
PyVista
Published
2025-10-06
Last Modified
2026-02-24
References
https://github.com/pyvista/pyvista/blob/c96e1ddbe707fb7d3eb574dc3336de1a946f14a1/.devcontainer/offscreen/oncreatecommand.sh#L4
https://github.com/pyvista/pyvista/blob/c96e1ddbe707fb7d3eb574dc3336de1a946f14a1/docker/slim.Dockerfile#L13
https://github.com/pyvista/pyvista/commit/aabfb3db2b0d4980de9e94e66272240efba4ed95
https://github.com/pyvista/pyvista/security/advisories/GHSA-xr7f-qcjc-63rv