Python pickle deserialization vulnerability
GPTKB entity
Statements (22)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security |
| gptkbp:affects | gptkb:Python; web applications; desktop applications; machine learning pipelines |
| gptkbp:canBe | malicious payload |
| gptkbp:category | gptkb:security; deserialization vulnerability |
| gptkbp:cause | untrusted data deserialization |
| gptkbp:documentedIn | gptkb:Python_documentation; OWASP guidelines |
| gptkbp:firstReported | 2011 |
| gptkbp:mitigatedBy | avoid unpickling untrusted data; use safer serialization formats |
| gptkbp:relatedTo | pickle module |
| gptkbp:riskFactor | remote code execution; arbitrary code execution |
| gptkbp:vulnerableTo | CVE-2011-1832; CVE-2018-1000802 |
| gptkbp:bfsParent | gptkb:CWE-502 |
| gptkbp:bfsLayer | 8 |
| https://www.w3.org/2000/01/rdf-schema#label | Python pickle deserialization vulnerability |