CVE-2019-17206

CVE-2019-17206

EPSS 3.2%

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/frostming/rediswrapper/compare/v0.2.1...v0.3.0 https://github.com/frostming/rediswrapper/pull/1 https://github.com/frostming/rediswrapper/releases/tag/v0.3.0