Dangerous Pickles – Malicious Data Serialization in Python (intoli.com)
31 points by foob 77 days ago | 3 comments



It's quite simple: they are executable code.


pickle is neat, but so is eval.


And both are easily avoided with a little work.
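
Added example, not part of the thread or the linked article: a pickle is a small program for a stack machine, so it can be disassembled with `pickletools` without loading it, and a restricted `Unpickler` can refuse anything that is not plain data. The names `call_opcodes`, `DataOnlyUnpickler`, `safe_loads` and `Task` are hypothetical, and both sample pickles are constructed here with a harmless callable.

```python
import io
import pickle
import pickletools

# Opcodes that import a name or call something while a pickle is loading.
# A hit means "more than plain data", not proof of malice.
CALL_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def call_opcodes(data: bytes) -> list:
    """Disassemble a pickle without loading it and list import/call opcodes."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CALL_OPCODES]


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only built-in containers and scalars load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    return DataOnlyUnpickler(io.BytesIO(data)).load()


class Task:
    """Constructed sample: __reduce__ tells pickle to call sorted() on load."""

    def __reduce__(self):
        return (sorted, ([3, 1, 2],))


SAMPLE = pickle.dumps(Task())            # constructed input, harmless callable
PLAIN = pickle.dumps({"a": [1, 2]})      # constructed input, data only

if __name__ == "__main__":
    print(call_opcodes(PLAIN))           # no import/call opcodes
    print(call_opcodes(SAMPLE))          # global lookup followed by REDUCE
    print(pickle.loads(SAMPLE))          # result of the call, not a Task
    try:
        safe_loads(SAMPLE)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```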



