jsonpickle 1.4.2 vulnerable to RCE
Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function.
Vulnerability Type: CWE-502: Deserialization of Untrusted Data
Vendor of Product: https://github.com/jsonpickle/jsonpickle
Affected Product Code Base: JsonPickle Python Module
Attack Type: Remote
Impact Code execution: True
Credits: Manmeet Singh and Ashish Kukreti
Attack Vectors: jsonpickle can be exploited by deserializing a malicious jsonpickled payload with the module's default decode() function. The payload can easily be generated with this payload generator:
https://github.com/j0lt-github/python-deserialization-attack-payload-generator
and passed to the decode function, like
object = jsonpickle.decode(payload)
It will certainly execute the command.
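
A defensive counterpart to the attack vector above, as an added example (not code from this gist or from the jsonpickle project): when the input only needs to be plain data, parse it with the standard json module and refuse any key that carries jsonpickle's "py/" tag prefix, so untrusted input never reaches decode(). The function names and the two sample inputs are constructed for illustration.

```python
import json

# jsonpickle marks objects to rebuild with reserved keys such as
# "py/object", "py/type" and "py/reduce"; they all share this prefix.
TAG_PREFIX = "py/"


class UntrustedTagError(ValueError):
    """Raised when untrusted JSON carries a jsonpickle type tag."""


def find_tags(node, path="$"):
    """Return the JSON path of every dict key that starts with 'py/'."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.startswith(TAG_PREFIX):
                hits.append(child)
            hits.extend(find_tags(value, child))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_tags(value, f"{path}[{index}]"))
    return hits


def load_plain_json(text):
    """Parse untrusted text as plain data only; never calls jsonpickle.decode()."""
    data = json.loads(text)
    hits = find_tags(data)
    if hits:
        raise UntrustedTagError("jsonpickle tags at: " + ", ".join(hits))
    return data


# Constructed sample inputs (not real payloads).
BENIGN = '{"user": "alice", "roles": ["admin", "dev"]}'
TAGGED = '{"user": "alice", "prefs": [{"py/object": "placeholder.module.Klass"}]}'

if __name__ == "__main__":
    print(load_plain_json(BENIGN))
    try:
        load_plain_json(TAGGED)
    except UntrustedTagError as exc:
        print("rejected:", exc)
```

The check is deliberately broad: it rejects every "py/" key rather than trying to list the dangerous ones, which also means legitimate jsonpickle output is refused and must come from a trusted source through a separate path.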