Linux Distros Unpatched Vulnerability : CVE-2021-47952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSO...
Deserialization of Untrusted Data
Overview
jsonpickle is a Python library for serializing any arbitrary object graph into JSON. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadrepr function in Unpickler. An attacker can execute arbitrary system commands by supplying malicious JSON...
abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +188 more potentially affected by CVE-2020-22083 via jsonpickle (>=0.7.1 <=1.4.2)
jsonpickle PYPI version =0.7.1, =1.0.0, =2.0.0, =0.1.2, =4.0.0, =1.1.4, =2.4.0, =2.5.0 - apimaticcalculatorlatest =4.0.0 - apimaticcalculatorpythonv6demo =1.0.2 and more Source cves: CVE-2020-22083 Source advisory: OSV:GHSA-J66Q-QMRC-89RX...
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
PYSEC-2020-49
DISPUTED jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must no...