QST: How to eliminate this threat for Pandas?

This issue was created on 2022-11-21.

Research

  • I have searched the [pandas] tag on StackOverflow for similar questions.

  • I have asked my usage related question on StackOverflow.

Link to question on StackOverflow

https://advisories.gitlab.com/advisory/advpypi_pandas_CVE_2020_13091.html

Question about pandas

The pandas package contains a Deserialization of Untrusted Data vulnerability. The read_pickle function in pickle.py does not perform any validation on user-provided data prior to deserialization. An attacker can exploit this by submitting a maliciously crafted file that, when deserialized, can result in command injection.

MarcoGorelli wrote this answer on 2022-11-21

thanks for the report

closing for now as dupe of #36256 and #48049
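Since `read_pickle` does no validation of its own, one mitigation is to authenticate the file before it ever reaches the deserializer. The following is an added example, not code from the issue or from pandas: `seal` and `open_sealed` are hypothetical helper names, and it assumes a secret key shared only between the writer and the reader of the file.

```python
import hashlib
import hmac
import pickle

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag is 32 bytes


def seal(obj, key: bytes) -> bytes:
    """Pickle obj and prepend an HMAC-SHA256 tag computed over the pickle bytes."""
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def open_sealed(blob: bytes, key: bytes, loader=pickle.loads):
    """Verify the tag first; hand the payload to the loader only if it matches.

    With pandas installed, the loader could be (assumption, not run here):
        lambda b: pandas.read_pickle(io.BytesIO(b))
    """
    if len(blob) <= TAG_LEN:
        raise ValueError("blob too short to hold a tag and a payload")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; on mismatch the payload is never deserialized.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch: refusing to unpickle")
    return loader(payload)


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"      # constructed sample key
    blob = seal({"col": [1, 2, 3]}, key)           # constructed sample data
    print(open_sealed(blob, key))
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])  # flip one payload bit
    try:
        open_sealed(tampered, key)
    except ValueError as exc:
        print("rejected:", exc)
```

The tag only proves the file came from a holder of the key; it does not make pickle safe for data from parties who are not trusted with that key.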

More Details About Repo
Owner Name pandas-dev
Repo Name pandas
Full Name pandas-dev/pandas
Language Python
Created Date 2010-08-24
Updated Date 2022-12-07
Star Count 36164
Watcher Count 1118
Fork Count 15472
Issue Count 3683
