tmpdaa = Test()
with open("a-file.pickle",'wb') as f:
    pickle.dump(tmpdaa,f)
ipycache.load_vars('a-file.pickle','')
Hi, the ipycache.load_vars function with evil data will cause command execution. If an attacker shares evil data on the internet, when a user loads it, it will cause command execution.
adi928 added a commit to adi928/ipycache that referenced this issue Feb 4, 2020
…rs() method.
Resolution for issue rossant#47 in the original repo.
Any malicious command trying to process through the unpickle command would have to go through the restricted_loads() method which only allows io.StringsIO to parse.
Anything else, and it would raise an UnpicklingError.
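
An added example (not the code from the referenced commit) of the allow-list approach the commit message describes: a pickle.Unpickler subclass whose find_class() admits only io.StringIO. The ALLOWED_GLOBALS set, the CallsOnLoad class and demo() are assumptions made for illustration; restricted_loads() reuses the name from the commit message, not its implementation.

```python
import io
import pickle

# Assumption: the allow-list mirrors the commit message (io.StringIO only).
# CPython pickles that class under its implementation module "_io".
ALLOWED_GLOBALS = {("io", "StringIO"), ("_io", "StringIO")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed globals."""

    def find_class(self, module, name):
        # Called whenever the stream asks for a class or callable by name,
        # which is the step a command-executing pickle depends on.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Counterpart of pickle.loads() that enforces the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class CallsOnLoad:
    """Constructed stand-in for an untrusted object: its pickle asks the
    loader to call a function. The harmless builtin len() is used here."""

    def __reduce__(self):
        return (len, ("abc",))


def demo():
    # Constructed sample inputs: plain data plus a StringIO, and a pickle
    # that requests a call to a global outside the allow-list.
    good = pickle.dumps({"x": 1, "buf": io.StringIO("cached text")})
    bad = pickle.dumps(CallsOnLoad())
    loaded = restricted_loads(good)
    try:
        restricted_loads(bad)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return loaded["x"], loaded["buf"].getvalue(), blocked


if __name__ == "__main__":
    print(demo())
```

Plain containers, strings and numbers never reach find_class(), so they load unchanged; only pickles that name a global are subject to the allow-list.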
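import os
import pickle
import ipycache

class Test(object):
    ...  # class body is missing from the page

tmpdaa = Test()
# Write the pickled object to disk, then load it back through ipycache.
with open("a-file.pickle",'wb') as f:
    pickle.dump(tmpdaa,f)
ipycache.load_vars('a-file.pickle','')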