python · glances · Critical
Glances pickle.load() arbitrary code execution via cache file
Glances uses pickle.load() on a predictable cache file without integrity checks, allowing arbitrary code execution via malicious pickle.
What changed
Glances uses pickle.load() on a predictable cache file without integrity checks, allowing arbitrary code execution via malicious pickle.
Who it affects
Any system running Glances with default version checking enabled, especially multi-user hosts or container deployments with shared volumes.
What to do today
Replace pickle with JSON for the version cache, or add HMAC verification of the cache file; restrict cache directory permissions to 0700.
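As an added defender-side example, not code from the Glances project: a version cache stored as JSON, authenticated with HMAC-SHA256, and kept in a directory the loader insists is mode 0700, so a swapped or edited cache file is rejected instead of being deserialized. The file names, the key-storage scheme (a random key in a 0600 file inside the same directory) and the sample cache contents are assumptions made for this example; the mode check uses `os.getuid()` and so is POSIX-only.

```python
import hashlib
import hmac
import json
import os
import secrets
import tempfile
from pathlib import Path

# Constructed names for this example; Glances' real cache layout is not assumed.
CACHE_NAME = "version-cache.json"
KEY_NAME = "cache-hmac.key"


def _ensure_private_dir(cache_dir: Path) -> None:
    """Create the cache directory as 0700 and refuse to use it otherwise."""
    cache_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(cache_dir, 0o700)  # mkdir's mode is filtered by umask; enforce it explicitly
    st = cache_dir.stat()
    if st.st_uid != os.getuid() or (st.st_mode & 0o077):
        raise PermissionError(f"{cache_dir} must be owned by this user with mode 0700")


def _load_or_create_key(cache_dir: Path) -> bytes:
    """Load the HMAC key, or create it atomically with O_EXCL and mode 0600."""
    key_path = cache_dir / KEY_NAME
    try:
        fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return key_path.read_bytes()
    key = secrets.token_bytes(32)
    with os.fdopen(fd, "wb") as f:
        f.write(key)
    return key


def _tag(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def save_version_cache(cache_dir: Path, data: dict) -> Path:
    """Write {payload, hmac} as JSON via a 0600 temp file and an atomic rename."""
    _ensure_private_dir(cache_dir)
    key = _load_or_create_key(cache_dir)
    payload = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
    envelope = {"payload": payload.decode(), "hmac": _tag(key, payload)}
    path = cache_dir / CACHE_NAME
    tmp = path.with_suffix(".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(envelope, f)
    os.replace(tmp, path)
    return path


def load_version_cache(cache_dir: Path):
    """Return the cached dict, or None if the file is missing, malformed or tampered with.

    Nothing here is deserialized by pickle: the envelope and payload are plain JSON,
    and the payload is only parsed after its HMAC tag verifies.
    """
    _ensure_private_dir(cache_dir)
    path = cache_dir / CACHE_NAME
    if not path.exists():
        return None
    key = _load_or_create_key(cache_dir)
    try:
        envelope = json.loads(path.read_text())
        payload = envelope["payload"].encode()
        tag = envelope["hmac"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if not isinstance(tag, str) or not hmac.compare_digest(_tag(key, payload), tag):
        return None
    return json.loads(payload)


def demo() -> tuple:
    """Round-trip a constructed cache, then show that an edited payload is rejected."""
    with tempfile.TemporaryDirectory() as d:
        cache_dir = Path(d) / "glances"
        save_version_cache(cache_dir, {"latest_version": "4.0.0", "checked": 1700000000})
        good = load_version_cache(cache_dir)
        # Simulate another writer replacing the payload without knowing the key.
        path = cache_dir / CACHE_NAME
        env = json.loads(path.read_text())
        env["payload"] = json.dumps({"latest_version": "9.9.9"})
        path.write_text(json.dumps(env))
        tampered = load_version_cache(cache_dir)
        return good, tampered


if __name__ == "__main__":
    print(demo())
```

The HMAC only helps if the key cannot be written by whoever can write the cache file, which is why the loader refuses a directory that is group- or world-accessible rather than silently chmod-ing over a shared volume; on a multi-user host or a shared container volume, a cache directory that is not 0700 and owned by the running user should be treated as untrusted and the cache simply ignored.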