CVE-2020-13091
pypi/pandas
Deserialization of Untrusted Data
pandas can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call.
All versions up to 1.0.3
Unfortunately, there is no solution available yet.
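A pre-load check for files destined for read_pickle(), added here as an example and not taken from the advisory or from pandas: it uses the standard-library pickletools module to list the globals a pickle would import, without deserializing it. The ALLOWED set, the function names and the sample bytes are assumptions constructed for illustration.

```python
import pickletools

# Opcodes that push a text string, and the memo store/fetch opcodes.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
UNRESOLVED = ("<unresolved>", "<unresolved>")

# Assumption: illustrative allowlist of exact (module, name) pairs. Build the
# real one from pickles you produced yourself; pandas does not ship this list.
ALLOWED = {("pandas.core.frame", "DataFrame"), ("numpy", "ndarray"),
           ("numpy", "dtype"), ("numpy.core.multiarray", "_reconstruct")}

def referenced_globals(data: bytes):
    """List every (module, name) the pickle would import, without loading it."""
    found, memo, recent = [], {}, []   # recent: values pushed by consecutive ops
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent.append(arg)
        elif op.name in GET_OPS:
            recent.append(memo.get(arg))           # None if not a known string
        elif op.name == "MEMOIZE":
            memo[len(memo)] = recent[-1] if recent else None
        elif op.name in PUT_OPS:
            memo[arg] = recent[-1] if recent else None
        elif op.name in ("GLOBAL", "INST"):        # "module name" in one argument
            found.append(tuple(arg.split(" ", 1)))
            recent = []
        elif op.name == "STACK_GLOBAL":            # module and name come off the stack
            pair = recent[-2:]
            ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.append(tuple(pair) if ok else UNRESOLVED)   # fail closed
            recent = []
        elif op.name in ("EXT1", "EXT2", "EXT4"):  # copyreg extension registry lookup
            found.append(UNRESOLVED)
            recent = []
        else:
            recent = []
    return found

def disallowed_globals(data: bytes):
    """Globals outside the allowlist; an empty list means the scan found none."""
    return [g for g in referenced_globals(data) if g not in ALLOWED]

if __name__ == "__main__":
    # Constructed sample: protocol-0 pickle that only references os.system.
    sample = b"cos\nsystem\n."
    print(disallowed_globals(sample))
```

A static scan like this is a pre-filter, not a guarantee that a file is safe to load. Treat a ValueError raised by pickletools.genops on malformed input as a rejection.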
2020-05-22