CVE-2019-6446 NumPy pickle Python Module Remote Code Execution Vulnerability – 16th Jan 2019

Preface: Gamma-Ray Observatory Satellite Mission for the study of cosmic gamma-ray sources in the keV to MeV energy range.

About NumPy and Gammapy:

NumPy is an open source Python package for scientific computing. NumPy supports large, multidimensional arrays and matrices. NumPy is written in Python and C. NumPy arrays are faster than Python lists.

Gammapy is an open-source Python package for gamma-ray analysis built on NumPy and Astropy. It is a prototype for the Cherenkov Telescope Array (CTA) science tools, and can be used to analyse data from existing gamma-ray telescopes.

Security Alert: NumPy pickle Python Module

NumPy could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the unsafe use of the pickle Python module by the affected software.

Official Announcements: https://github.com/numpy/numpy/issues/12759
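
A defensive pre-load check, added here as an example and not taken from the NumPy project or the original advisory: it reads only the header of a `.npy`/`.npz` payload and reports whether `numpy.load` would need pickle to read it (object-dtype arrays or non-`.npy` data), so such files can be rejected before loading. The function names and the constructed sample headers are assumptions for illustration.

```python
import ast
import io
import struct
import zipfile

NPY_MAGIC = b"\x93NUMPY"

def has_object(descr):
    """True if a .npy 'descr' value names the object dtype ('O')."""
    if isinstance(descr, str):
        return "O" in descr
    # Structured dtype: list of (name, descr[, shape]) tuples.
    return any(has_object(field[1]) for field in descr)

def requires_pickle(data: bytes) -> bool:
    """True if the payload can only be loaded by unpickling. Fails closed."""
    try:
        if data[:4] == b"PK\x03\x04":  # .npz archive: check each member header
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for name in z.namelist():
                    with z.open(name) as member:
                        if requires_pickle(member.read(65536)):  # bounded read
                            return True
            return False
        if not data.startswith(NPY_MAGIC):
            return True  # not .npy: the remaining load path is pickle
        # Version 1.x stores a 2-byte header length, later versions 4 bytes.
        fmt, start = ("<H", 10) if data[6] == 1 else ("<I", 12)
        (hlen,) = struct.unpack_from(fmt, data, 8)
        meta = ast.literal_eval(data[start:start + hlen].decode("utf-8"))
        return has_object(meta["descr"])
    except (IndexError, KeyError, TypeError, ValueError, SyntaxError,
            RecursionError, struct.error, zipfile.BadZipFile):
        return True  # malformed input: refuse

def sample_npy(descr_literal: str) -> bytes:
    """Constructed sample: a version 1.0 .npy header with no array data."""
    header = "{'descr': %s, 'fortran_order': False, 'shape': (2,), }\n" % descr_literal
    return NPY_MAGIC + b"\x01\x00" + struct.pack("<H", len(header)) + header.encode()

if __name__ == "__main__":
    for label, blob in [
        ("float64 array", sample_npy("'<f8'")),
        ("object array", sample_npy("'|O'")),
        ("structured, object field", sample_npy("[('id', '<i4'), ('obj', '|O')]")),
        ("raw pickle bytes", b"\x80\x04N."),
    ]:
        print(f"{label:26} requires_pickle={requires_pickle(blob)}")
```

Treat this as triage only; the load itself should still pass `allow_pickle=False` to `numpy.load`.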