CVE-2014-0485
s3ql - security update
EPSS 1.6%
Description
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
How to fix CVE-2014-0485
To remediate CVE-2014-0485, upgrade the affected package to a fixed version below.
- Debian/s3ql—upgrade to 2.10.1+dfsg-4 or later
- Debian/s3ql—upgrade to 1.11.1-3+deb7u1 or later
Is CVE-2014-0485 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.10.1+dfsg-4
- from 0, < 1.11.1-3+deb7u1