Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.
Remote Code Execution in jsonPickle python module
jsonpickle <= 1.4.2 versions allows remote code execution during deserialization of a malicious payload through the decode() function.
David Aguilar github repo
- 13 August 2020 reported to the vendor
- 17 December 2020 CVE published