Python pickle deserialization vulnerability
GPTKB entity
Statements (22)
Predicate | Object |
---|---|
gptkbp:instanceOf | gptkb:security |
gptkbp:affects | gptkb:Python, web applications, desktop applications, machine learning pipelines |
gptkbp:canBe | malicious payload |
gptkbp:category | gptkb:security, deserialization vulnerability |
gptkbp:cause | untrusted data deserialization |
gptkbp:documentedIn | gptkb:Python_documentation, OWASP guidelines |
gptkbp:firstReported | 2011 |
https://www.w3.org/2000/01/rdf-schema#label | Python pickle deserialization vulnerability |
gptkbp:mitigatedBy | avoid unpickling untrusted data, use safer serialization formats |
gptkbp:relatedTo | pickle module |
gptkbp:riskFactor | remote code execution, arbitrary code execution |
gptkbp:vulnerableTo | CVE-2011-1832, CVE-2018-1000802 |
gptkbp:bfsParent | gptkb:CWE-502 |
gptkbp:bfsLayer | 8 |