Vulnetix
Try Vulnetix Request Demo
PYSEC-2023-238 PUBLISHED CVSS 9.300000190734863 CRITICAL

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files).

Risk Scores

CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
PyPIpyarrow10.0.0, 2.0.0, 0.14.0

Timeline

References

Open in Interactive Console →