Security vulnerabilities and automated fixes for scapy issues
1 post found
A medium-severity vulnerability was discovered and patched in `scapy/scapy_pcp.py`, where an unchecked `self.__dict__.update(entries)` call allowed attackers to inject arbitrary keys—including dangerous dunder attributes—directly into object namespaces via untrusted network packet data. Left unpatched, this flaw could enable object state corruption, method overwriting, and potential remote code execution in applications that parse attacker-controlled packets. The fix introduces proper key filter