@j0lt-github
Last active August 7, 2021 13:00
jsonpickle 1.4.2 vulnerable to RCE
Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function.
VulnerabilityType: CWE-502: Deserialization of Untrusted Data
Vendor of Product: https://github.com/jsonpickle/jsonpickle
Affected Product Code Base: JsonPickle Python Module
Attack Type: Remote
Impact: Code execution: True
Credits: Manmeet Singh and Ashish Kukreti
Attack Vectors: jsonpickle can be exploited by deserializing a malicious jsonpickled payload with its default decode() function. The payload can be easily generated with this payload generator:
https://github.com/j0lt-github/python-deserialization-attack-payload-generator
and then passed to the decode function, for example:
object = jsonpickle.decode(payload)
Decoding the payload will certainly execute the command.
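
A pre-decode check that a consumer of jsonpickle data could apply, as an added example that is not part of the original advisory or of the jsonpickle project: it parses the input with the standard json module and rejects any document carrying py/ tags other than py/object for an allowlisted class. ALLOWED_CLASSES and the class name myapp.models.Point are hypothetical, and the sample inputs are constructed placeholders.

```python
import json

# Assumption: the only classes this application expects to receive.
ALLOWED_CLASSES = {"myapp.models.Point"}  # hypothetical name


class UntrustedPayload(ValueError):
    """Raised when a document carries jsonpickle tags outside the allowlist."""


def find_violations(node, path="$"):
    """Walk parsed JSON and return (path, reason) for every disallowed py/ tag."""
    violations = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key == "py/object":
                if not isinstance(value, str) or value not in ALLOWED_CLASSES:
                    violations.append((here, f"class not allowlisted: {value!r}"))
            elif key.startswith("py/"):
                violations.append((here, "jsonpickle tag not permitted"))
            violations.extend(find_violations(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            violations.extend(find_violations(item, f"{path}[{index}]"))
    return violations


def check_before_decode(text):
    """Return the parsed document, or raise before it can reach jsonpickle.decode()."""
    document = json.loads(text)
    violations = find_violations(document)
    if violations:
        raise UntrustedPayload("; ".join(f"{p}: {r}" for p, r in violations))
    return document


# Constructed sample inputs (placeholders, not working payloads).
SAMPLES = {
    "plain": '{"x": 1, "y": [2, 3]}',
    "allowed": '{"py/object": "myapp.models.Point", "x": 1, "y": 2}',
    "unknown_class": '{"py/object": "other.module.Thing", "v": 1}',
    "nested_tag": '{"items": [{"py/type": "other.module.name"}]}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        try:
            check_before_decode(text)
            print(name, "-> ok to decode")
        except UntrustedPayload as exc:
            print(name, "-> rejected:", exc)
```

Only text that passes the check should be handed to jsonpickle.decode(); the safer design is to not accept jsonpickle data from untrusted sources at all.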