A brief update to the earlier posts about insecure Python functions. I came across one more that’s similar to the Pickle section from Part 2. This one uses jsonpickle.
Here’s a working exploit for that one:
Their docs also mention the security implications, but it can be easy to miss. As a reminder, don’t use anything that aspires to be Pickle.
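The safe pattern the reminder above points at is to parse untrusted input with the stdlib `json` module and build the expected type by hand, so that nothing in the document can pick which class gets instantiated. The following is an added example written for this post, not code from the original post or from the jsonpickle project. It assumes (as a labelled assumption) that any object key starting with `py/` is a jsonpickle reconstruction directive, and it uses a made-up `Greeting` schema and constructed sample inputs; it needs only the standard library, so it runs whether or not jsonpickle is installed.

```python
import json
from dataclasses import dataclass

# jsonpickle marks objects it will reconstruct with keys in the "py/" namespace
# (for example "py/object"). Assumption: any key with this prefix is a
# jsonpickle directive and has no place in plain application data.
JSONPICKLE_PREFIX = "py/"


def find_jsonpickle_tags(node, path="$"):
    """Walk a parsed JSON document and return the JSON paths of every key
    that looks like a jsonpickle reconstruction directive."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(key, str) and key.startswith(JSONPICKLE_PREFIX):
                hits.append(f"{path}.{key}")
            hits.extend(find_jsonpickle_tags(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_jsonpickle_tags(value, f"{path}[{index}]"))
    return hits


def scan_json_text(text):
    """Convenience wrapper: parse with the stdlib json module, then scan."""
    return find_jsonpickle_tags(json.loads(text))


@dataclass(frozen=True)
class Greeting:
    """Hypothetical application type used to show explicit construction."""
    name: str
    count: int


def load_greeting(text):
    """Parse untrusted input with json.loads() and build the expected type
    explicitly. The document cannot choose which class is instantiated,
    which is the whole difference from handing it to jsonpickle.decode()."""
    data = json.loads(text)
    tags = find_jsonpickle_tags(data)
    if tags:
        raise ValueError(f"refusing jsonpickle directives at {tags}")
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    name = data.get("name")
    count = data.get("count")
    # bool is a subclass of int, so reject it explicitly
    if not isinstance(name, str) or not isinstance(count, int) or isinstance(count, bool):
        raise ValueError("schema mismatch")
    return Greeting(name=name, count=count)


# Constructed sample inputs: a benign document, and one carrying a jsonpickle
# directive that would make jsonpickle.decode() instantiate a caller-chosen class.
BENIGN = '{"name": "alice", "count": 3}'
TAGGED = '{"name": "alice", "count": 3, "extra": {"py/object": "some.module.SomeClass"}}'

if __name__ == "__main__":
    print(load_greeting(BENIGN))
    try:
        load_greeting(TAGGED)
    except ValueError as exc:
        print("rejected:", exc)
```

The scan is a belt-and-braces check for code paths where jsonpickle cannot be removed immediately; the real fix is `load_greeting`'s shape, where the only classes that ever get built are the ones the application names itself.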