In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78, CWE-502
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pyconuk | conference-scheduler-cli | * |
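
One way to mitigate the `pickle.load` issue described above is to load imported data through an unpickler that refuses every global lookup not on an allowlist. This is an added example, not code from conference-scheduler-cli. The names `RestrictedUnpickler`, `safe_load`, `is_rejected` and `ALLOWED_GLOBALS` are hypothetical, the sample inputs are constructed, and it assumes the imported data needs only plain containers and scalars.

```python
import datetime
import io
import pickle

# Assumption: imported data consists of dicts, lists, strings and numbers only,
# so no class or function lookup is ever legitimate. Add (module, name) pairs
# here only for types the application really needs.
ALLOWED_GLOBALS = frozenset()


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that blocks any global not explicitly allowlisted."""

    def find_class(self, module, name):
        # Every callable a pickle stream wants to import or invoke is resolved
        # through find_class, so denying here stops the stream from reaching
        # functions such as os.system.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")


def safe_load(data: bytes):
    """Deserialize bytes; raises UnpicklingError on a non-allowlisted global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """Return True when the stream is refused by the restricted unpickler."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample: plain containers only, no global lookups in the stream.
PLAIN = pickle.dumps({"event": "Talk A", "slot": 3, "tags": ["python", "web"]})

# Constructed sample: a harmless stdlib object whose pickle needs a global
# lookup (datetime.date) followed by a call, the same mechanism a crafted
# file relies on.
WITH_GLOBAL = pickle.dumps(datetime.date(2018, 1, 1))

if __name__ == "__main__":
    print("plain data loaded:", safe_load(PLAIN))
    print("stream with global rejected:", is_rejected(WITH_GLOBAL))
```

Where the data format allows it, storing imported data in a non-executable format such as JSON removes this class of bug entirely.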