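NumPy is a powerful Python library used mainly for computation on multi-dimensional arrays. Analysts report that versions less than or equal to 1.16.0 are affected by this vulnerability; the suggested fix is to remove the allow_pickle parameter of the load function in lib/npyio.py, or change its value to False, which avoids the deserialization problem. In testing version 1.16.3 (Mac/Windows), the load function had the allow_pickle parameter removed, but command execution is still possible. The latest version at the time of testing was 1.16.3.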
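Alongside loading with allow_pickle set to False, a defender can reject pickle-backed files before they ever reach load by reading only the .npy header. The following is an added example, not code from this repository; the function names are hypothetical and the sample bytes are constructed (the object-dtype samples contain a header only, no pickle data).

```python
import ast
import struct

MAGIC = b"\x93NUMPY"

def needs_pickle(descr):
    """True if a .npy 'descr' value names an object dtype (stored as a pickle)."""
    if isinstance(descr, str):
        return descr.lstrip("|<>=").startswith("O")
    if isinstance(descr, list):  # structured dtype: [(name, descr[, shape]), ...]
        return any(not isinstance(f, tuple) or len(f) < 2 or needs_pickle(f[1])
                   for f in descr)
    return True  # unknown form: fail closed

def npy_requires_pickle(data: bytes) -> bool:
    """Inspect only the header of .npy bytes; never touches the payload."""
    if len(data) < 12 or data[:6] != MAGIC:
        # No magic: with pickling enabled, numpy.load would try a raw pickle.
        raise ValueError("not a .npy file")
    major = data[6]
    if major == 1:
        start, (hlen,) = 10, struct.unpack("<H", data[8:10])
    elif major in (2, 3):
        start, (hlen,) = 12, struct.unpack("<I", data[8:12])
    else:
        raise ValueError("unsupported .npy version")
    raw = data[start:start + hlen]
    if len(raw) != hlen:
        raise ValueError("truncated header")
    header = ast.literal_eval(raw.decode("latin1"))  # literal dict, no code eval
    if not isinstance(header, dict) or "descr" not in header:
        raise ValueError("malformed header")
    return needs_pickle(header["descr"])

def make_npy(descr_literal: str, payload: bytes = b"") -> bytes:
    """Build constructed version-1.0 .npy bytes for the demo below."""
    head = ("{'descr': %s, 'fortran_order': False, 'shape': (2,), }"
            % descr_literal).encode("latin1")
    head += b" " * (-(10 + len(head) + 1) % 64) + b"\n"
    return MAGIC + b"\x01\x00" + struct.pack("<H", len(head)) + head + payload

# Constructed samples: object-dtype ones carry a header only, no pickle data.
FLOAT_NPY = make_npy("'<f8'", struct.pack("<2d", 1.0, 2.0))
OBJECT_NPY = make_npy("'|O'")
STRUCT_NPY = make_npy("[('id', '<i4'), ('meta', '|O')]")

if __name__ == "__main__":
    for name, blob in [("float", FLOAT_NPY), ("object", OBJECT_NPY), ("struct", STRUCT_NPY)]:
        print(name, "requires pickle:", npy_requires_pickle(blob))
```

The check covers single .npy files only; a .npz archive would need each member inspected the same way.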
RayScri/CVE-2019-6446
Numpy deserialization command execution