Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
Advisories for Pypi/Rope package
2018