security issue of serialize
Asked by
Ben Niu
python-memcached use the module pickle, when I save some maliciously constructed data to memcached, it use unpickler.load() and not verifies it,so I can inject my shell on client,is that a problem?
Question information
- Language:
- English Edit question
- Status:
- Expired
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
To post a message you must log in.