CVE-2020-13091

Deserialization of Untrusted Data in pypi/pandas

Identifiers

CVE-2020-13091

Package Slug

pypi/pandas

Vulnerability

Deserialization of Untrusted Data

Description

pandas can deserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if the pickled object's __reduce__ makes an os.system call.
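A pickle stream names the callables it will import and invoke, so a file can be inspected before it reaches read_pickle(). The following is an added example, not code from pandas or from this advisory: it walks the opcodes with the standard-library pickletools module and rejects any stream that references a global outside an allowlist. The names referenced_globals, is_safe_to_load and ConstructedSample are hypothetical, and the constructed sample calls the harmless len rather than os.system.

```python
import pickle
import pickletools

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
UNRESOLVED = ("<unresolved>", "<unresolved>")

def referenced_globals(data: bytes):
    """List (module, name) pairs the pickle would import. Nothing is loaded."""
    found, recent = [], []  # recent = last two opcodes, MEMOIZE skipped
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "MEMOIZE":
            continue
        if op.name in ("GLOBAL", "INST"):       # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":         # protocol 4+: both names are on the stack
            if len(recent) == 2 and all(o in STRING_OPS for o, _ in recent):
                found.append((recent[0][1], recent[1][1]))
            else:
                found.append(UNRESOLVED)        # names built indirectly: fail closed
        elif op.name in ("EXT1", "EXT2", "EXT4"):
            found.append(UNRESOLVED)            # copyreg extension codes also resolve to globals
        recent = (recent + [(op.name, arg)])[-2:]
    return found

def is_safe_to_load(data: bytes, allowed=frozenset()):
    """True only if the stream parses and every referenced global is allowlisted."""
    try:
        return all(g in allowed for g in referenced_globals(data))
    except Exception:       # truncated or malformed stream: reject
        return False

class ConstructedSample:
    """Constructed, benign stand-in: __reduce__ names a callable (len) to run on load."""
    def __reduce__(self):
        return (len, ("abc",))

if __name__ == "__main__":
    for label, obj in (("plain data", {"a": [1, 2]}), ("__reduce__", ConstructedSample())):
        blob = pickle.dumps(obj)
        print(label, referenced_globals(blob), is_safe_to_load(blob))
```

With the default empty allowlist only plain containers and scalars pass. A pickled DataFrame references pandas and NumPy globals, so a usable allowlist has to be derived from files you produced yourself.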

Affected Versions

All versions up to 1.0.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-05-22
