Last active August 7, 2021 13:00
jsonpickle 1.4.2 vulnerable to RCE
Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function.
VulnerabilityType: CWE-502: Deserialization of Untrusted Data
Vendor of Product:
Affected Product Code Base: JsonPickle Python Module
Attack Type: Remote
Impact Code execution: True
Credits: Manmeet Singh and Ashish Kukreti
Attack Vectors: jsonpickle can be exploited by deserializing a malicious jsonpickled payload with its default decode() function. The payload can be easily generated by this payload generator:
and passed to the decode function, like
object = jsonpickle.decode(payload)
which will certainly execute the command.
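One way to keep untrusted input away from decode(), as an added example that is not part of the advisory or of jsonpickle itself: parse the input with the standard json module and refuse any document carrying jsonpickle's py/ type tags. The names load_untrusted, classify and TaggedPayloadError are hypothetical, the sample strings are constructed, and the approach assumes the application only expects plain data from untrusted sources.

```python
import json

# jsonpickle stores type and reconstruction metadata under keys such as
# py/object, py/type and py/id; plain application data has no such keys.
TAG_PREFIX = "py/"


class TaggedPayloadError(ValueError):
    """Raised when untrusted JSON carries jsonpickle type tags."""


def load_untrusted(text):
    """Parse untrusted JSON as plain data; never hands it to jsonpickle."""
    found = []

    def check_pairs(pairs):
        # object_pairs_hook sees every key of every object, including
        # objects later discarded because of a duplicate key.
        found.extend(k for k, _ in pairs if k.startswith(TAG_PREFIX))
        return dict(pairs)

    data = json.loads(text, object_pairs_hook=check_pairs)
    if found:
        raise TaggedPayloadError("jsonpickle tags present: %s" % sorted(set(found)))
    return data


def classify(text):
    """Return 'plain', 'tagged' or 'invalid' for logging and alerting."""
    try:
        load_untrusted(text)
        return "plain"
    except TaggedPayloadError:
        return "tagged"
    except json.JSONDecodeError:
        return "invalid"


# Constructed sample inputs (placeholder class names, not real payloads).
PLAIN = '{"user": "alice", "roles": ["admin", "dev"]}'
TAGGED = '{"profile": {"py/object": "example.Placeholder", "name": "x"}}'
HIDDEN = '{"a": {"py/id": 1}, "a": 2}'  # tagged object masked by a duplicate key

if __name__ == "__main__":
    for sample in (PLAIN, TAGGED, HIDDEN, "{not json"):
        print(classify(sample), sample)
```

A "tagged" result on an endpoint that should only receive plain JSON is worth logging as a possible deserialization attempt.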