3 matches found
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
Deserialization of untrusted data
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...
CVE-2020-22083
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...