Vulnerability in blueprint project

While working on blueprint project, I scanned the project dependencies using a vulnerability scanner and identified [CVE-2026-29091](https://vulert.com/vuln-db/CVE-2026-29091?scan-id=38f1e96a-d168-4c87-85e0-5d351b1bc59a) affecting the locutus package. The issue exists in the implementation of the `call_user_func_array` function in vulnerable versions of the library. The vulnerability occurs because the function does not properly validate the method identifier in callback arrays and relies on the use of `eval()` internally.

[CVE Link](https://vulert.com/vuln-db/CVE-2026-29091?scan-id=38f1e96a-d168-4c87-85e0-5d351b1bc59a)
[CVE Report](https://vulert.com/vuln-scan/list/f879037a-b8b8-4568-8563-46ef374aeb04?sort_order=desc&sort_by=created_at)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability in blueprint project #7843

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerability in blueprint project #7843

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions