CNNVD-202510-799 Information

CNNVD ID

CNNVD-202510-799

CVE-2025-61765

  • CNNVD Published: 2025-10-06

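Description (translated from Chinese)

python-socketio is a Python socket library by individual developer Miguel Grinberg. Versions of python-socketio before 5.14.0 contain a code issue vulnerability. The vulnerability stems from the use of the pickle module for deserialization and may lead to remote code execution.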

Description (English)

python-socketio is a Python socket library developed by Miguel Grinberg, an individual developer. Versions of python-socketio before 5.14.0 contain a code issue vulnerability that stems from the use of the pickle module for deserialization, which could lead to remote code execution.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Individual developer

Published

2025-10-06

Last Modified

2026-02-24

References

  • https://github.com/miguelgrinberg/python-socketio/commit/53f6be094257ed81476b0e212c8cddd6d06ca39a
  • https://github.com/miguelgrinberg/python-socketio/security/advisories/GHSA-g8c6-8fjj-2r4m

Patch

https://python-socketio.readthedocs.io/en/stable/
