Deserialization of Untrusted Data
jsonpickle allows remote code execution during deserialization of a malicious payload through the decode() function.
Advisories for Pypi/Jsonpickle package
2020
jsonpickle allows remote code execution during deserialization of a malicious payload through the decode() function.