CVE-2014-0485

Name of the Vulnerable Software and Affected Versions S3QL versions 1.18.1 and earlier

Description The issue allows remote attackers to execute arbitrary code via a crafted serialized object. This is due to the unsafe use of the pickle Python module in files such as common.py or local.py in backends/. Multiple vulnerabilities in the S3QL package may lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely.

Recommendations For S3QL versions 1.18.1 and earlier, as a temporary workaround, consider restricting access to the pickle Python module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.