python-jsonpickle

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Python library for serializing any arbitrary object graph into JSON
Version 1.5.1-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1370 1.5.1-1 Low Vulnerable
Issue Group Severity Remote Type Description
CVE-2020-22083 AVG-1370 Low No Arbitrary code execution
jsonpickle allows arbitrary code execution during deserialisation of a malicious payload through the decode() function. Note: It has been argued that this...