Vulnerability
Remote Code Execution in the jsonpickle Python module
Vulnerability Description
jsonpickle versions <= 1.4.2 allow remote code execution when a malicious payload is deserialized through the decode() function.
CVE-ID
CVE-2020-22083
Vendor
David Aguilar (GitHub repository)
Product
jsonpickle <=1.4.2
Disclosure Timeline
- 13 August 2020 reported to the vendor
- 17 December 2020 CVE published
Credits
Manmeet Singh