Python pickle deserialization vulnerability

GPTKB entity

Statements (22)
Predicate Object
gptkbp:instanceOf gptkb:security
gptkbp:affects gptkb:Python
gptkbp:affects web applications
gptkbp:affects desktop applications
gptkbp:affects machine learning pipelines
gptkbp:canBe malicious payload
gptkbp:category gptkb:security
gptkbp:category deserialization vulnerability
gptkbp:cause untrusted data deserialization
gptkbp:documentedIn gptkb:Python_documentation
gptkbp:documentedIn OWASP guidelines
gptkbp:firstReported 2011
https://www.w3.org/2000/01/rdf-schema#label Python pickle deserialization vulnerability
gptkbp:mitigatedBy avoid unpickling untrusted data
gptkbp:mitigatedBy use safer serialization formats
gptkbp:relatedTo pickle module
gptkbp:riskFactor remote code execution
gptkbp:riskFactor arbitrary code execution
gptkbp:vulnerableTo CVE-2011-1832
gptkbp:vulnerableTo CVE-2018-1000802
gptkbp:bfsParent gptkb:CWE-502
gptkbp:bfsLayer 8