Deserialization of Untrusted Data
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) allows attackers to execute arbitrary scripts.
Advisories for Pypi/Rediswrapper package
2019
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) allows attackers to execute arbitrary scripts.