Remote Code Execution in jsonPickle python module
jsonpickle <= 1.4.2 versions allows remote code execution during deserialization of a malicious payload through the decode() function.
David Aguilar github repo
- 13 August 2020 reported to the vendor
- 17 December 2020 CVE published