Dangerous Pickles – Malicious Data Serialization in Python (intoli.com)
31 points by foob 4 months ago | 3 comments



It's quite simple: they are executable code.


pickle is neat, but so is eval.


And both are easily avoided with a little work.
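
Added example, not part of the thread or the linked article: a Python sketch of the point made in the comments above, showing that a pickle stream carries import and call instructions, how to list them without loading the stream, and data-only replacements for `pickle.loads` and `eval`. The helper names (`code_opcodes`, `DataOnlyUnpickler`, `load_data_only`, `is_blocked`, `parse_literal`) and the sample inputs are constructed for illustration.

```python
import ast
import datetime
import io
import pickle
import pickletools

# Opcodes that make the unpickler import a name or call/construct an object.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def code_opcodes(data):
    """List import/call opcodes in a pickle stream without loading it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_OPCODES]


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every import, so only built-in scalars and containers load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked import of {module}.{name}")


def load_data_only(data):
    return DataOnlyUnpickler(io.BytesIO(data)).load()


def is_blocked(data):
    """True when the stream needs an import and the loader refuses it."""
    try:
        load_data_only(data)
    except pickle.UnpicklingError:
        return True
    return False


def parse_literal(text):
    """Replacement for eval() on data: literals only, no names or calls."""
    return ast.literal_eval(text)


# Constructed sample inputs.
PLAIN = pickle.dumps({"user": "alice", "roles": ["admin"]})
WITH_CALL = pickle.dumps(datetime.date(2020, 1, 2))  # stock object, pickled via a call

if __name__ == "__main__":
    print(code_opcodes(PLAIN), code_opcodes(WITH_CALL))
    print(load_data_only(PLAIN), is_blocked(WITH_CALL))
    print(parse_literal("{'a': [1, 2]}"))
```

Even an ordinary standard-library object such as `datetime.date` is serialized as "import this name and call it", which is why the restricted loader rejects it; for input from an untrusted source, a data-only format such as JSON removes the question entirely.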



