j0lt-github/jsonpickle_vulnerable.txt

## jsonpickle_vulnerable.txt
Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function.

VulnerabilityType: CWE-502: Deserialization of Untrusted Data

Vendor of Product: https://github.com/jsonpickle/jsonpickle

Affected Product Code Base: JsonPickle Python Module
Attack Type: Remote

Impact Code execution : True

Credits: Manmeet Singh and Ashish Kukreti

Attack Vectors : The jsonpickle can be exploited by deserialization of malicious jsonpickled payload with default decode() function of its object. The payload can be easily generated by this payload generator:
https://github.com/j0lt-github/python-deserialization-attack-payload-generator
and passed to decode function
like object = jsonpickle.decode(payload)
it will certainly execute command.
	Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function.

	VulnerabilityType: CWE-502: Deserialization of Untrusted Data

	Vendor of Product: https://github.com/jsonpickle/jsonpickle

	Affected Product Code Base: JsonPickle Python Module
	Attack Type: Remote

	Impact Code execution : True

	Credits: Manmeet Singh and Ashish Kukreti

	Attack Vectors : The jsonpickle can be exploited by deserialization of malicious jsonpickled payload with default decode() function of its object. The payload can be easily generated by this payload generator:
	https://github.com/j0lt-github/python-deserialization-attack-payload-generator
	and passed to decode function
	like object = jsonpickle.decode(payload)
	it will certainly execute command.