Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data qiskit is an An open-source SDK for working with quantum computers at the level of extended quantum circuits, operators, and primitives. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the `qiskit.qpy.load()` function. An attacker can execute arbitrary code by crafting a malicious QPY file and loading it via this function. This is only exploitable if the QPY file format version is less than 13. How to fix Deserialization of Untrusted Data? Upgrade `qiskit` to version 1.4.1, 2.0.0rc2 or higher.	[0.18.0,1.4.1)[2.0.0rc1,2.0.0rc2)
H Deserialization of Untrusted Data qiskit is an An open-source SDK for working with quantum computers at the level of extended quantum circuits, operators, and primitives. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization of QPY files containing malformed `symengine` serialization streams. An attacker can terminate the process by sending a crafted QPY file. This is only exploitable if `symengine <= 0.13.0` is installed and the QPY format version is between 10 and 12. How to fix Deserialization of Untrusted Data? Upgrade `qiskit` to version 1.3.0 or higher.	[0.45.0,1.3.0)

Deserialization of Untrusted Data

qiskit is an An open-source SDK for working with quantum computers at the level of extended quantum circuits, operators, and primitives.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the qiskit.qpy.load() function. An attacker can execute arbitrary code by crafting a malicious QPY file and loading it via this function. This is only exploitable if the QPY file format version is less than 13.

How to fix Deserialization of Untrusted Data?

Upgrade qiskit to version 1.4.1, 2.0.0rc2 or higher.

[0.18.0,1.4.1)[2.0.0rc1,2.0.0rc2)

Deserialization of Untrusted Data

qiskit is an An open-source SDK for working with quantum computers at the level of extended quantum circuits, operators, and primitives.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization of QPY files containing malformed symengine serialization streams. An attacker can terminate the process by sending a crafted QPY file. This is only exploitable if symengine <= 0.13.0 is installed and the QPY format version is between 10 and 12.

How to fix Deserialization of Untrusted Data?

Upgrade qiskit to version 1.3.0 or higher.

[0.45.0,1.3.0)

Go back to all versions of this package