Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Vulnerability

Remote Code Execution in the jsonpickle Python module

Vulnerability Description

jsonpickle versions <= 1.4.2 allow remote code execution when the decode() function deserializes a malicious payload.
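
One way to keep untrusted input away from decode() is to parse it as plain JSON and refuse any document that carries type metadata. The sketch below is an added example, not code from Payatu or the jsonpickle project; it assumes jsonpickle's type tags are object keys beginning with `py/`, and the function names and sample documents are hypothetical.

```python
import json

# Assumption: jsonpickle marks type metadata with keys that start with "py/".
TAG_PREFIX = "py/"


class TaggedPayloadError(ValueError):
    """Raised when untrusted JSON carries jsonpickle-style type tags."""


def find_tagged_keys(node, path="$"):
    """Return the JSON paths of every dict key starting with TAG_PREFIX."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.startswith(TAG_PREFIX):
                hits.append(child)
            hits.extend(find_tagged_keys(value, child))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_tagged_keys(value, f"{path}[{index}]"))
    return hits


def load_untrusted(text):
    """Parse untrusted JSON as plain data; refuse it if any tag is present."""
    data = json.loads(text)  # builds only dict/list/str/number/bool/None
    hits = find_tagged_keys(data)
    if hits:
        raise TaggedPayloadError("type tags in untrusted input: " + ", ".join(hits))
    return data


# Constructed samples: one plain document, one carrying a placeholder type tag.
PLAIN = '{"user": "alice", "roles": ["admin", "dev"]}'
TAGGED = '{"user": "alice", "prefs": [{"py/object": "example.Placeholder"}]}'

if __name__ == "__main__":
    print(load_untrusted(PLAIN))
    try:
        load_untrusted(TAGGED)
    except TaggedPayloadError as exc:
        print("rejected:", exc)
```

The caller works with the plain data that `load_untrusted` returns, so the untrusted text never reaches jsonpickle at all.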

CVE-ID

CVE-2020-22083

Vendor

David Aguilar GitHub repo

Product

jsonpickle <= 1.4.2

Disclosure Timeline

  1. 13 August 2020: reported to the vendor
  2. 17 December 2020: CVE published

Credits

Manmeet Singh