python-jsonpickle
Description | Python library for serializing any arbitrary object graph into JSON |
Version | 3.3.0-2 [extra] |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1370 | 1.5.2-3 | | Low | Vulnerable | |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2020-22083 | AVG-1370 | Low | Yes | Arbitrary code execution | ** DISPUTED ** jsonpickle allows arbitrary code execution during deserialisation of a malicious payload through the decode() function. Note: It has been... |