Uncontrolled deserialization of a pickled object in rediswrapper allows attackers to execute arbitrary scripts
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.