Dangerous Pickles – Malicious Data Serialization in Python (intoli.com)
31 points by foob 10 days ago | 3 comments





It's quite simple: they are executable code.

pickle is neat, but so is eval.

And both are easily avoided with a little work.
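
What "executable code" means at the opcode level, and one way to avoid it, as an added example that is not part of the comment above or of the linked article. The class `CallsLenOnLoad`, the helper names and both sample payloads are constructed for illustration; the callable used is the harmless `len`.

```python
import io
import pickle
import pickletools

# Opcodes that import a name or invoke a callable while a pickle is loaded.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
                "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4"}


def code_opcodes(data):
    """List the import/call opcodes in a pickle stream without loading it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_OPCODES]


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only builtin containers and scalars load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def load_data_only(data):
    return DataOnlyUnpickler(io.BytesIO(data)).load()


class CallsLenOnLoad:
    """Constructed sample: __reduce__ tells pickle to call len("abc") on load."""

    def __reduce__(self):
        return (len, ("abc",))


# Constructed sample payloads.
PLAIN = pickle.dumps({"user": "alice", "roles": ["admin"]})
CALLING = pickle.dumps(CallsLenOnLoad())

if __name__ == "__main__":
    print(code_opcodes(PLAIN))     # plain data: no import/call opcodes
    print(code_opcodes(CALLING))   # a global lookup followed by REDUCE
    print(pickle.loads(CALLING))   # the stream ran len("abc"); no object came back
    print(load_data_only(PLAIN))   # plain data still loads
    try:
        load_data_only(CALLING)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

The opcode scan is triage only; the restricted unpickler, or a data-only format such as JSON, is what actually enforces the policy.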


