python-jsonpickle

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Python library for serializing any arbitrary object graph into JSON
Version 3.3.0-2 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1370 1.5.2-3 Low Vulnerable
Issue Group Severity Remote Type Description
CVE-2020-22083 AVG-1370 Low Yes Arbitrary code execution
** DISPUTED ** jsonpickle allows arbitrary code execution during deserialisation of a malicious payload through the decode() function. Note: It has been...