The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeb2py
APPWeb2Py< 2.14.2
Powiązane podatności
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to u...
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via ...
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote...
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variabl...
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious ...