{"id":"PYSEC-2018-100","details":"base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.","aliases":["CVE-2014-3539","GHSA-r38r-qp28-2m63"],"modified":"2023-11-08T03:57:38.437208Z","published":"2018-04-06T16:29:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1116485"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/02/07/1"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-r38r-qp28-2m63"}],"affected":[{"package":{"name":"rope","ecosystem":"PyPI","purl":"pkg:pypi/rope"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.11.0"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.10.6","0.10.7","0.2","0.2RC","0.2pre2","0.2pre3","0.2pre4","0.2pre5","0.3","0.3m1","0.3m2","0.3m3","0.3m4","0.3m5","0.3rc1","0.4","0.4m1","0.4m2","0.4m3","0.4m4","0.4m5","0.4rc1","0.5","0.5m1","0.5m2","0.5m3","0.5m4","0.5m5","0.5rc1","0.6","0.6.1","0.6.2","0.6m1","0.6m2","0.6m3","0.6m4","0.6m5","0.6m6","0.7","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8","0.8.1","0.8.2","0.8.3","0.8.4","0.9","0.9.1","0.9.2","0.9.3","0.9.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/rope/PYSEC-2018-100.yaml"}}],"schema_version":"1.7.3"}