Last active: August 7, 2021 13:00
jsonpickle 1.4.2 vulnerable to RCE
Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function.
Vulnerability Type: CWE-502: Deserialization of Untrusted Data
Vendor of Product: https://github.com/jsonpickle/jsonpickle
Affected Product Code Base: JsonPickle Python Module
Attack Type: Remote
Impact (Code execution): True
Credits: Manmeet Singh and Ashish Kukreti
Attack Vectors: jsonpickle can be exploited by deserializing a malicious jsonpickled payload with its default decode() function. Such a payload can be generated with this payload generator:
https://github.com/j0lt-github/python-deserialization-attack-payload-generator
Passing it to the decode function, e.g. object = jsonpickle.decode(payload), executes the embedded command.
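The advisory boils down to one rule: never hand attacker-controlled text to jsonpickle.decode(), because the reserved "py/..." keys in a jsonpickle document tell the decoder which objects to reconstruct, and reconstruction is what runs code. The example below is an added one, not code from the gist or from the jsonpickle project. It shows a defensive gate written with the standard library only: parse the input as plain JSON, walk the tree, and refuse any document that carries reconstruction tags, so only inert data (dicts, lists, strings, numbers) ever reaches the application. The tag list is an assumption drawn from my reading of jsonpickle's tags module for the 1.x series; verify it against the version you actually run, since any tag missing from the list would pass through. Sample inputs are constructed and the "hostile" one uses placeholder values rather than a working gadget.

```python
import json

# jsonpickle reserved keys that drive object reconstruction at decode time.
# Assumption: mirrors jsonpickle's tags module for the 1.x series; check it
# against the installed version, because an unknown tag would slip through.
RECONSTRUCTION_TAGS = frozenset({
    "py/object", "py/type", "py/reduce", "py/function", "py/repr",
    "py/newargs", "py/newargsex", "py/newobj", "py/initargs",
    "py/state", "py/mod", "py/id", "py/ref", "py/iterator",
    "py/set", "py/tuple", "py/seq", "py/b64", "py/b85", "py/bytes",
})


def find_reconstruction_tags(node, found=None):
    """Walk a parsed JSON tree and collect every jsonpickle reserved key it carries.

    Only dict keys are inspected, which is where jsonpickle looks for its markers;
    a string value that merely contains "py/object" is harmless data.
    """
    if found is None:
        found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key in RECONSTRUCTION_TAGS:
                found.add(key)
            find_reconstruction_tags(value, found)
    elif isinstance(node, list):
        for item in node:
            find_reconstruction_tags(item, found)
    return found


def is_plain_data(text):
    """True when the document is ordinary JSON with no jsonpickle reconstruction markers."""
    return not find_reconstruction_tags(json.loads(text))


def load_untrusted_json(text):
    """Parse untrusted text as plain JSON; refuse it if jsonpickle would rebuild objects from it.

    The return value is built only from dict/list/str/int/float/bool/None, so no
    application class, callable or module is ever instantiated on the attacker's behalf.
    """
    data = json.loads(text)
    tags = find_reconstruction_tags(data)
    if tags:
        raise ValueError(
            "refusing document with jsonpickle reconstruction tags: %s" % sorted(tags)
        )
    return data


# Constructed samples: a benign settings blob and a document shaped like a
# reconstruction request. The "hostile" one carries placeholders, not a gadget.
BENIGN = '{"user": "alice", "roles": ["reader"], "prefs": {"theme": "dark"}}'
HOSTILE = '{"session": {"py/reduce": ["PLACEHOLDER-callable", "PLACEHOLDER-args"]}}'

if __name__ == "__main__":
    print("accepted:", load_untrusted_json(BENIGN))
    try:
        load_untrusted_json(HOSTILE)
    except ValueError as exc:
        print("rejected:", exc)
```

The gate is a detection and containment layer for code paths that cannot yet be changed; the actual fix for the pattern in the advisory is to stop calling jsonpickle.decode() on data that crosses a trust boundary and use json.loads() (or a schema-validated parser) for that input instead, reserving jsonpickle for data the process itself produced.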