cvedb.io
CVE-2021-35196
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2021-06-21T23:15:10.723 · Last modified 2026-06-17T03:57:16.647

Summary

Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file.

Affected products

theologeek — manuskript

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.