CVE-2018-14572

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
28/08/2018
Last modified:
17/06/2026

Description

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pyconuk:conference-scheduler-cli:*:*:*:*:*:*:*:* 0.10.1 (including)