Publish GHSA-6m2c-76ff-6vrf

Author: advisory-database[bot]

advisories/github-reviewed/2025/03/GHSA-6m2c-76ff-6vrf/GHSA-6m2c-76ff-6vrf.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6m2c-76ff-6vrf",
-  "modified": "2025-03-15T20:47:02Z",
+  "modified": "2025-05-02T21:58:50Z",
   "published": "2025-03-14T19:56:14Z",
   "aliases": [
     "CVE-2025-2000"
   ],
   "summary": "Qiskit allows arbitrary code execution decoding QPY format versions < 13",
-  "details": "### Impact\n\nA maliciously crafted QPY file containing can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats < 13. A python process calling Qiskit's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.\n\n### Patches\n\nFixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2",
+  "details": "### Impact\n\nA maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats < 13. A python process calling Qiskit's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.\n\n### Patches\n\nFixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2",
   "severity": [
     {
       "type": "CVSS_V3",