PT-2022-13109 · Loguru · Loguru
Published: 2022-01-21 · Updated: 2025-05-17 · CVE-2022-0329
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
loguru versions prior to 0.6.0
Description
The issue concerns a lack of sanitization in log serialization, which can lead to arbitrary code execution. The function in question is intended for internal use only, but access to it is not restricted. The maintainer has disputed this issue, although the library's behavior was altered in a commit. The issue was initially considered a security vulnerability, but that classification has been revoked.
Recommendations
For versions prior to 0.6.0, update to version 0.6.0 to resolve the issue. As a temporary workaround, consider restricting the use of the function in question, intended for internal use only, until the update is applied.
Exploit
Code Injection
Affected Products
Loguru