bce-sdk-python

CVE-2025-50817, High level vulnerability

Open navya-sriv opened this issue 3 months ago • 0 comments

Hi guys, it appears that bce-python-sdk is affected by CVE-2025-50817 due to its dependency on future. The vulnerability arises because future can automatically import a local test.py file, which could lead to arbitrary code execution if a malicious file is present in the environment. Could you please take a look and plan a fix or mitigation for this in the library?

navya-sriv, Oct 06 '25 08:10
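A defensive check for the condition the issue describes, added here as an example (not code from bce-sdk-python or from future): it reports whether `import test` would resolve to a file outside the standard library's own `test` package on a given search path, without importing or executing that file. The function names are hypothetical, and the check assumes the standard library `test` package, when present, lives directly under the interpreter's stdlib directory.

```python
import importlib.machinery
import importlib.metadata
import os
import sys
import sysconfig


def future_version():
    """Installed version of the 'future' distribution, or None if absent."""
    try:
        return importlib.metadata.version("future")
    except importlib.metadata.PackageNotFoundError:
        return None


def resolve_test_module(search_path):
    """File that `import test` would load from search_path (never executes it)."""
    spec = importlib.machinery.PathFinder.find_spec("test", list(search_path))
    # origin is None for namespace packages, which carry no code to run
    return None if spec is None else spec.origin


def shadowing_test_module(search_path=None):
    """Path of a non-stdlib `test` module that wins on search_path, else None."""
    origin = resolve_test_module(sys.path if search_path is None else search_path)
    if origin is None:
        return None
    real = os.path.realpath(origin)
    stdlib_test = os.path.join(
        os.path.realpath(sysconfig.get_paths()["stdlib"]), "test"
    )
    # Only the interpreter's own test package counts as expected.
    if os.path.dirname(real) == stdlib_test:
        return None
    return real


if __name__ == "__main__":
    version = future_version()
    hit = shadowing_test_module()
    print("future installed:", version or "no")
    if hit:
        print("WARNING: `import test` resolves to", hit)
    else:
        print("no shadowing test module on sys.path")
    sys.exit(1 if (version and hit) else 0)
```

Run it from the same working directory and with the same environment as the application, since the first entry of `sys.path` depends on how the interpreter was started.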