Pyarrow
1 CVEs
product
Monthly
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Apache
RCE
Deserialization
Pyarrow
NVD
GitHub
CVSS 3.1
9.8
EPSS
14.4%
CVE-2023-47248
PyPI
EPSS 14%
CVSS 9.8
CRITICAL
POC
PATCH
THREAT
Act Now
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Apache
RCE
Deserialization
+1
NVD
GitHub