CVE-2019-6446: Arbitrary Code Execution
An unsafe use of the pickle Python module allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
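As an added defender's example (not part of the advisory): a pure-Python check that reads only the .npy/.npz header and refuses files whose dtype contains an object field, which are exactly the files numpy.load would have to unpickle. The .npy header layout is the published NumPy format; the helper names and the constructed headers are this example's own. Pair it with numpy.load(path, allow_pickle=False), the upstream mitigation and the default since NumPy 1.16.3.

```python
import ast
import io
import struct
import zipfile

NPY_MAGIC = b"\x93NUMPY"


def npy_header(data: bytes) -> dict:
    """Parse the header dict of a .npy byte string without unpickling anything."""
    if not data.startswith(NPY_MAGIC):
        raise ValueError("not a .npy file")
    major, minor = data[6], data[7]
    if major == 1:                      # v1.0: uint16 little-endian header length
        (hlen,) = struct.unpack("<H", data[8:10])
        start = 10
    elif major in (2, 3):               # v2.0/v3.0: uint32 little-endian header length
        (hlen,) = struct.unpack("<I", data[8:12])
        start = 12
    else:
        raise ValueError(f"unsupported .npy version {major}.{minor}")
    header = data[start:start + hlen].decode("utf-8" if major == 3 else "latin1")
    # ast.literal_eval accepts literals only, so a hostile header cannot run code here.
    return ast.literal_eval(header)


def descr_contains_object(descr) -> bool:
    """True if a dtype descriptor (plain string or structured list) has an object field."""
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")
    return any(descr_contains_object(field[1]) for field in descr)  # (name, descr[, shape])


def needs_pickle(data: bytes) -> bool:
    """True if loading this .npy/.npz blob would require unpickling an object array."""
    if data.startswith(b"PK\x03\x04"):  # .npz is a zip archive of .npy members
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(needs_pickle(zf.read(name)) for name in zf.namelist())
    return descr_contains_object(npy_header(data)["descr"])


def make_npy_header(descr: str, shape=(3,)) -> bytes:
    """Constructed v1.0 .npy header (no array data) used as sample input below."""
    body = f"{{'descr': '{descr}', 'fortran_order': False, 'shape': {shape}, }}"
    body += " " * ((64 - (10 + len(body) + 1) % 64) % 64) + "\n"  # pad to 64-byte multiple
    return NPY_MAGIC + b"\x01\x00" + struct.pack("<H", len(body)) + body.encode("latin1")


def make_npz(**members: bytes) -> bytes:
    """Constructed in-memory .npz archive packing the given .npy blobs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in members.items():
            zf.writestr(f"{name}.npy", blob)
    return buf.getvalue()
```

Gate untrusted files with needs_pickle() first, then load them with allow_pickle=False so that even a header the check did not anticipate cannot reach the pickle module.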
Detect and mitigate CVE-2019-6446 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.