Skip to main content

CWE-1112

Incomplete Documentation of Program Execution

2 CVEs Avg CVSS 7.3 MITRE
0
CRITICAL
2
HIGH
0
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2025-3108 PyPI HIGH POC PATCH This Week

A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines.

Deserialization RCE Python Llamaindex
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29241 HIGH This Week

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Building Integration System
NVD
CVSS 3.1
7.1
EPSS
0.4%
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines.

Deserialization RCE Python +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Building Integration System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy