Published: 17/12/2020 Updated: 11/04/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

jsonpickle up to and including 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data

Vulnerable Product	Search on Vulmon	Subscribe to Product
jsonpickle project jsonpickle

jsonpickle allows arbitrary code execution during deserialization of a malicious payload through the decode() function ...

CWE-502 https://gist.github.com/j0lt-github/bb543e77a1a10c33cb56cf23d0837874 https://github.com/jsonpickle/jsonpickle/issues/332 https://github.com/j0lt-github/python-deserialization-attack-payload-generator https://versprite.com/blog/application-security/into-the-jar-jsonpickle-exploitation/https://access.redhat.com/security/cve/CVE-2020-22083 https://github.com/jsonpickle/jsonpickle/issues/332#issuecomment-747807494 https://nvd.nist.gov https://security.archlinux.org/CVE-2020-22083

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-22083

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect