CVE-2005-2875: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.
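The class of flaw described above, shown with Python's standard `pickle` module next to an allowlisting unpickler. This is an added example, not Py2Play's code; `SAFE_GLOBALS`, `RestrictedUnpickler`, `safe_loads`, `Probe` and the sample messages are constructed for illustration.

```python
import io
import operator
import pickle

# Constructed allowlist: the only globals a received message may reference.
SAFE_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    """Replacement for pickle.loads() on data received from the network."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Probe:
    """Constructed, harmless stand-in for a hostile object: its pickle tells
    the receiver to call operator.add(2, 3) instead of rebuilding a Probe."""

    def __reduce__(self):
        return (operator.add, (2, 3))


def demo():
    hostile = pickle.dumps(Probe())
    benign = pickle.dumps({"pos": [1.0, 2.0], "tags": {"a", "b"}})

    # Plain loads() calls the sender-chosen callable: the result is 5, not a Probe.
    ran = pickle.loads(hostile)

    try:
        safe_loads(hostile)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True

    # Plain containers and scalars still load through the restricted path.
    return ran, blocked, safe_loads(benign)


if __name__ == "__main__":
    print(demo())
```

Overriding `find_class` is the hook the Python documentation gives for restricting globals; for messages exchanged with untrusted peers, a data-only format such as JSON removes the callable lookup entirely.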
References
- bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976
- www.debian.org/security/2005/dsa-856
- www.gentoo.org/security/en/glsa/glsa-200509-09.xml
- bugs.gentoo.org/show_bug.cgi?id=103524
- github.com/advisories/GHSA-wcpc-f63g-x26q
- nvd.nist.gov/vuln/detail/CVE-2005-2875
- web.archive.org/web/20040824010038/http://home.gna.org/oomadness/fr/slune/index.html
- web.archive.org/web/20050213041706/http://soya.literati.org/
- web.archive.org/web/20161225000907/http://www.securityfocus.com/bid/14864