CVSS Score
The core vulnerability stems from unsafe pickle deserialization in Dask's distributed component. The primary culprit is the pickle.loads call in the serialization path (explicitly shown in distributed.protocol.pickle). Worker task-handling functions such as handle_task inherit this vulnerability because they process untrusted serialized data. Confidence is high for the direct deserialization function and medium for the task handler, since the latter rests on contextual inference about data flow.
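To make the risk concrete, here is an added example (not Dask's own code) that places the vulnerable pattern, raw bytes handed straight to pickle.loads, beside a loader that restricts find_class to an allowlist as the Python pickle documentation describes; the CallOnLoad gadget, the SAFE_GLOBALS set and the two loader functions are constructed for this example.

```python
import io
import os
import pickle


class CallOnLoad:
    """Constructed gadget: unpickling an instance makes the loader call os.getcwd().

    Harmless here, but the same reduce mechanism resolves any importable callable,
    which is why pickle.loads on untrusted bytes amounts to code execution.
    """

    def __reduce__(self):
        return (os.getcwd, ())


# Globals the hardened loader may resolve (assumption for this example: task
# payloads only need plain containers and a few builtins).
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global outside SAFE_GLOBALS, blocking reduce gadgets."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing global {module}.{name}: not allowlisted")


def unsafe_loads(data: bytes):
    # Mirrors the vulnerable pattern: untrusted bytes go directly to pickle.loads.
    return pickle.loads(data)


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    benign = pickle.dumps({"task": "sum", "args": [1, 2, 3]})  # constructed payload
    gadget = pickle.dumps(CallOnLoad())  # constructed payload
    results = {"benign_unsafe": unsafe_loads(benign), "benign_safe": safe_loads(benign)}
    # The plain loader runs os.getcwd() merely by deserializing the gadget.
    results["gadget_unsafe_ran_callable"] = unsafe_loads(gadget) == os.getcwd()
    try:
        safe_loads(gadget)
        results["gadget_safe_rejected"] = False
    except pickle.UnpicklingError:
        results["gadget_safe_rejected"] = True
    return results
```

Allowlisting find_class narrows the gadget surface but does not make pickle safe for untrusted input; the durable mitigation is to ensure that only authenticated peers can submit serialized tasks to workers.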
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dask | pip | | |