Description
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute arbitrary code.
Problem types
Improper Control of Generation of Code ('Code Injection')
Product status
Credits
Adi Malyanker, Shay Reuven
References
access.redhat.com/security/cve/CVE-2021-47952
bugzilla.redhat.com/show_bug.cgi?id=2478170 (RHBZ#2478170)
security.access.redhat.com/...2/vex/2021/cve-2021-47952.json
www.exploit-db.com/exploits/49585 (ExploitDB-49585)
jsonpickle.github.io (Official Product Homepage)
github.com/jsonpickle/jsonpickle (Product Reference)
www.vulncheck.com/...ickle-remote-code-execution-via-py-repr (VulnCheck Advisory: python jsonpickle 2.0.0 Remote Code Execution via py/repr)