all InfoSec news
Apache Arrow PyArrow Arbitrary Code Execution Vulnerability (CVS 2023-47248) Notification
Security Boulevard securityboulevard.com
Overview Recently, NSFOCUS CERT found that Apache Arrow issued a security notice, which fixed an arbitrary code execution vulnerability in the PyArrow library (CVE-2023-47248). Due to PyArrow reading Arrow IPC, Feather, or Parquet data from untrusted sources, PyExtensionType creates an automatic loading feature that allows for deserialization of data from non PyArrow sources. When using […]
The post Apache Arrow PyArrow Arbitrary Code Execution Vulnerability (CVS 2023-47248) Notification appeared first on NSFOCUS, Inc., a global network and cyber security leader, …
apache arbitrary code arrow automatic blog cert code code execution cve cvs data deserialization emergency-response feather feature found ipc library notice notification pyarrow security security notice untrusted vulnerability