Advisory Database
  • Advisories
  • Dependency Scanning
  1. pypi
  2. ›
  3. Py2Play
  4. ›
  5. CVE-2005-2875

CVE-2005-2875: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

May 1, 2022 (updated September 18, 2023)

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.

References

  • bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976
  • www.debian.org/security/2005/dsa-856
  • www.gentoo.org/security/en/glsa/glsa-200509-09.xml
  • bugs.gentoo.org/show_bug.cgi?id=103524
  • github.com/advisories/GHSA-wcpc-f63g-x26q
  • nvd.nist.gov/vuln/detail/CVE-2005-2875
  • web.archive.org/web/20040824010038/http://home.gna.org/oomadness/fr/slune/index.html
  • web.archive.org/web/20050213041706/http://soya.literati.org/
  • web.archive.org/web/20161225000907/http://www.securityfocus.com/bid/14864

Code Behaviors & Features

Detect and mitigate CVE-2005-2875 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions up to 0.1.8

Solution

Unfortunately, there is no solution available yet.

Impact 7.5 HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Learn more about CVSS

Weakness

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Source file

pypi/Py2Play/CVE-2005-2875.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:15:58 +0000.