Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the Decode function which runs pickle.loadsdecoded without isolation. An attacker can execute arbitrary code or manipulate application data by providing crafted serialized input. Details Serializati...