Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) prior to 0.3.0 allows malicious users to execute arbitrary scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redis wrapper project redis wrapper |