CVE Vulnerabilities

CVE-2014-3539

Published: Apr 06, 2018 | Modified: Sep 09, 2020
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.

Affected Software

Name Vendor Start Version End Version
Rope Rope_project * 0.11.0 (excluding)

References