Vulnerability Information
Although this page is produced with the help of large-model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify it against the actual situation and judge accordingly.
Vulnerability Title
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT
Vulnerability Description
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 up to, but not including, version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes may be loaded but does not limit the arguments passed to their constructors. Several of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A pickle payload of roughly 40 bytes can therefore force the allocation of 10+ GB, which crashes any application that loads delta objects or calls pickle_load on untrusted data. This issue has been patched in version 8.6.2.
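The mechanism described above (and summarised again in the shorter description further down this page), shown as an added example that is not DeepDiff's own code: a minimal class-name allowlisting unpickler in the style the advisory describes, a constructed protocol-0 pickle that asks builtins.bytes for an arbitrarily large buffer, and one possible hardening that caps integer constructor arguments before the call is made. The allowlist here is an assumption containing only the three names the advisory mentions (the real SAFE_TO_IMPORT set is larger), the MAX_INT_ARG ceiling is an application-chosen value invented for this example, and the guarded unpickler is not the fix that shipped in 8.6.2.

```python
import importlib
import io
import pickle

# Assumption: only the three allocating builtins the advisory names are listed;
# DeepDiff's real SAFE_TO_IMPORT allowlist is larger.
SAFE_TO_IMPORT = {"builtins.bytes", "builtins.list", "builtins.range"}

# Assumption: an application-chosen ceiling for any int handed to an allow-listed
# constructor. 1_000_000 keeps bytes(n) / list(range(n)) at a few MB at most.
MAX_INT_ARG = 1_000_000


def build_alloc_payload(size: int) -> bytes:
    """Constructed protocol-0 pickle that evaluates to bytes(size).

    Opcodes: c = GLOBAL (module\\nname\\n), ( = MARK, I = INT, t = TUPLE,
    R = REDUCE (call the global with the tuple as args), . = STOP.
    The payload length does not grow with the requested allocation.
    """
    return b"cbuiltins\nbytes\n(I" + str(size).encode() + b"\ntR."


class NaiveRestrictedUnpickler(pickle.Unpickler):
    """Checks only *which* global is loaded, not what it is called with."""

    def find_class(self, module, name):
        if f"{module}.{name}" not in SAFE_TO_IMPORT:
            raise pickle.UnpicklingError(f"{module}.{name} is not allowed")
        return getattr(importlib.import_module(module), name)


class GuardedRestrictedUnpickler(NaiveRestrictedUnpickler):
    """Same allowlist, but every allowed global is wrapped so that oversized
    integer arguments are rejected before the constructor can allocate."""

    def find_class(self, module, name):
        ctor = super().find_class(module, name)

        def guarded(*args, **kwargs):
            for arg in (*args, *kwargs.values()):
                if isinstance(arg, int) and not isinstance(arg, bool) and abs(arg) > MAX_INT_ARG:
                    raise pickle.UnpicklingError(
                        f"{module}.{name} called with oversized argument {arg}"
                    )
            return ctor(*args, **kwargs)

        # A pickle that stores the bare class as a value now receives the
        # wrapper instead of the class; acceptable for data where globals are
        # only ever called, and fails closed for NEWOBJ (no __new__ on a function).
        return guarded


def naive_load(payload: bytes):
    return NaiveRestrictedUnpickler(io.BytesIO(payload)).load()


def guarded_load(payload: bytes):
    return GuardedRestrictedUnpickler(io.BytesIO(payload)).load()


def rejected(loader, payload: bytes) -> bool:
    """True if the loader refuses the payload with UnpicklingError."""
    try:
        loader(payload)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    big = build_alloc_payload(10_000_000_000)  # asks bytes() for ~10 GB
    print(f"payload is {len(big)} bytes")
    # Scaled down on purpose so running this does not exhaust memory:
    print(len(naive_load(build_alloc_payload(10_000_000))))
    print(rejected(guarded_load, big))
    print(guarded_load(build_alloc_payload(16)))
```

The naive loader happily returns a 10 MB buffer for the scaled-down payload and would try to return 10 GB for the full one; the guarded loader refuses the full payload without allocating anything while still accepting a small, legitimate bytes() call. An alternative hardening, not shown here, is to drop size-taking constructors such as bytes, list and range from the allowlist altogether and only allow globals whose cost is bounded by the size of the pickle itself.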
CVSS Information
N/A
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
DeepDiff Resource Management Error Vulnerability
Vulnerability Description
DeepDiff is a Python library by the individual developer Sep Dehpour. DeepDiff versions 5.0.0 up to, but not including, 8.6.2 contain a resource management error vulnerability. The flaw stems from _RestrictedUnpickler not restricting constructor arguments, which can lead to large memory consumption and an application crash when untrusted pickle data is loaded.
CVSS Information
N/A
Vulnerability Type
N/A