7 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-22083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that...
CVE-2020-22083
Python-jsonpickle allows remote code execution during deserialization of a malicious payload through the decode function...
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
absarsnew (=1.1.0), airiam (>=0.1.2 <=0.1.8) +156 more potentially affected by CVE-2020-22083 via jsonpickle (>=0.7.1 <=1.4.1)
jsonpickle PYPI version =0.7.1, =0.1.2, =4.0.0, =1.1.4, =2.4.0, =1.0.0, =1.0.2 - apimaticclicksendapi =1.0.0 - apimaticsendapi =1.0.0 - apimaticswaggerpetstore =1.0.0 and more Source cves: CVE-2020-22083 Source advisory: OSV:PYSEC-2020-49...
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
CVE-2020-22083
CVE-2020-22083 affects jsonpickle up to version 1.4.1. The vulnerability enables remote code execution during deserialization of a malicious payload via the decode() function. The description notes this behavior has been argued as expected/documented in pickle usage. Several connected sources cor...
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...