CNNVD-202511-2699 Information

CNNVD ID

CNNVD-202511-2699

Related CVE

CVE-2025-62703

• CNNVD Published: 2025-11-25

Description (Chinese)

fugue是The Fugue Project开源的一个分布式计算的统一接口。 fugue 0.9.2及之前版本存在代码问题漏洞，该漏洞源于FlaskRPCServer通过pickle反序列化实现远程代码执行。

Description (English)

Fugue is a uniform interface for distributional calculations from the Fugue Project open source. Fugue 0.9.2 and previous versions had a code problem loophole, which stemmed from the remote code implementation of FlaskRPCerver by pickle inverse sequence.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

The Fugue Project

Published

2025-11-25

Last Modified

2026-02-24

References

https://github.com/fugue-project/fugue/security/advisories/GHSA-xv5p-fjw5-vrj6 https://github.com/fugue-project/fugue/commit/6f25326779fd1f528198098d6287c5a863176fc0 https://access.redhat.com/security/cve/cve-2025-62703

Patch

https://github.com/fugue-project/fugue/releases