Improper Handling Of Unsafe Deserialization
fickling is vulnerable to improper handling of unsafe deserialization. The vulnerability is due to Fickling not treating Python’s cProfile module as unsafe, which results in malicious pickles using cProfile.run being misclassified as SUSPICIOUS instead of OVERTLYMALICIOUS, allowing an attacker to...