Io-No

**Name of the Vulnerable Software and Affected Versions** skops versions 0.12.0 and below skops versions prior to 0.13.0 **Description** The `Card.get model` function in skops allows for arbitrary code execution when loading models. This occurs because the function supports both `joblib` and `skops` for model loading. When loading non-.zip file formats, it silently falls back to `joblib` without warning, which allows arbitrary code execution during loading, bypassing security measures. This behavior is in contrast to `skops`, which enforces trusted type validation and raises errors for untrusted types. **Recommendations** skops versions 0.12.0 and below: Upgrade to version 0.13.0 or later to resolve this issue.

## Vulnerability Summary **Name of the Vulnerable Software and Affected Versions** skops versions 0.11.0 and below **Description** skops is a Python library used for sharing and shipping scikit-learn based models. An inconsistency in the `OperatorFuncNode` allows exploitation to hide the execution of untrusted operator methods. This can be leveraged in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. The vulnerability stems from a discrepancy between what is returned by `get untrusted types` and checked during loading, and what is actually called during the construction of the `OperatorFuncNode`. Specifically, the ` module ` key is not used in the construction, allowing an attacker to forge a module name that, when combined with the ` class ` name, appears harmless but actually executes an `operator.xxx` method. A proof-of-concept demonstrates the ability to execute arbitrary code by combining `OperatorFuncNode` with the `skops.io.loads` function and a hidden model within a zip file. **Recommendations** Versions prior to 0.12.0 are vulnerable. Update to version 0.12.0 or later to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** skops versions 0.11.0 and below skops versions prior to 12.0.0 **Description** skops is a Python library used for sharing and shipping scikit-learn based models. A vulnerability exists due to an inconsistency in the `MethodNode` component, allowing access to unexpected object fields through dot notation. This can be exploited to achieve arbitrary code execution at load time. The vulnerability bypasses untrusted type detection mechanisms by chaining multiple `MethodNode` instances to traverse the Python object hierarchy and access dangerous components, such as the `builtins` dictionary. The `MethodNode` allows access to attributes of existing objects via dot notation without proper checks, enabling access to dangerous attributes and methods. **Recommendations** skops versions prior to 12.0.0 are vulnerable. Update to skops version 12.0.0 or later to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Redis versions through 7.4.3 **Description** Redis allows excessive memory consumption via a multi-bulk command consisting of numerous bulks sent by an authenticated user. The server allocates memory for command arguments for each bulk, even if the command is skipped due to insufficient permissions. **Recommendations** Update to a version beyond 7.4.3.