CVE-2019-6446
Published: Jan 16, 2019
Modified: Jul 21, 2025
PUBLISHED
Description
An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type |
|---|---|
| 106670 | vdb-entry |
| FEDORA-2019-1dfe95a864 | vendor-advisory |
| openSUSE-SU-2019:2227 | vendor-advisory |
| openSUSE-SU-2019:2225 | vendor-advisory |
| openSUSE-SU-2019:2259 | vendor-advisory |
| RHSA-2019:3335 | vendor-advisory |
| RHSA-2019:3704 | vendor-advisory |