python-jsonpickle
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Python library for serializing any arbitrary object graph into JSON |
| Version | 1.5.1-1 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1370 | 1.5.1-1 | Low | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-22083 | AVG-1370 | Low | No | Arbitrary code execution | jsonpickle allows arbitrary code execution during deserialisation of a malicious payload through the decode() function. Note: It has been argued that this... |