CNNVD-202601-3192 Information
CNNVD ID
CNNVD-202601-3192
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
PLY是B07个人开发者的一个Python库。 PLY 3.11版本存在安全漏洞,该漏洞源于yacc函数的picklefile参数未经验证地反序列化pickle文件,可能导致远程代码执行。
Description (English)
PLY is a Python library of B07 individual developers. The PLY 3.11 version has a security loophole, which originates from an unverified anti-sequenced pickle file of the yac function, which may lead to remote code execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-20
Last Modified
2026-02-24
References
https://github.com/tom025/ply_exploit_rejection/issues/1 https://github.com/bohmiiidd/Undocumented-RCE-in-PLY https://github.com/bohmiiidd/Undocumument_RCE_PLY-yacc-CVE-2025-56005 http://www.openwall.com/lists/oss-security/2026/01/30/1 http://www.openwall.com/lists/oss-security/2026/01/29/2 http://www.openwall.com/lists/oss-security/2026/01/28/5 http://www.openwall.com/lists/oss-security/2026/01/23/5 http://www.openwall.com/lists/oss-security/2026/01/23/4 http://www.openwall.com/lists/oss-security/2026/01/29/1
Share on: