CNNVD-202601-3918 Information

CNNVD ID

CNNVD-202601-3918

CVE-2026-23946

  • CNNVD Published: 2026-01-22

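Description (translated from Chinese)

Tendenci is association management software from the US company Tendenci, used mainly by non-profit organizations and associations. The software supports membership management, content management, event management, and online donation management. Tendenci 15.3.11 and earlier contain a code issue vulnerability that stems from the Helpdesk module's use of insecure pickle deserialization, which may lead to remote code execution.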

Description (English)

Tendenci is association management software, developed by the US company Tendenci, mainly for non-profit organizations and associations. The software supports member management, content management, event management and online donation management. Tendenci 15.3.11 and earlier versions have a code issue vulnerability, which stems from the use of unsafe pickle deserialization in the Helpdesk module and may lead to remote code execution.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Tendenci

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://docs.python.org/3/library/pickle.html#restricting-globals
  • https://github.com/advisories/GHSA-jqmc-fxxp-r589
  • https://github.com/tendenci/tendenci/commit/23d9fd85ab7654e9c83cfc86cb4175c0bd7a77f1
  • https://github.com/tendenci/tendenci/commit/2ff0a457614944a1b417081c543ea4c5bb95d636
  • https://github.com/tendenci/tendenci/commit/63e1b84a5b163466d1d8d811d35e7021a7ca0d0e
  • https://github.com/tendenci/tendenci/issues/867
  • https://github.com/tendenci/tendenci/releases/tag/v15.3.12
  • https://github.com/tendenci/tendenci/security/advisories/GHSA-339m-4qw5-j2g3
  • https://access.redhat.com/security/cve/cve-2026-23946

Patch

https://www.tendenci.com/
