Description
The Python standard library module pickle serializes and deserializes Python objects. Its format is not a passive data encoding: a pickle stream can instruct the unpickler to import any module and call any callable it names, with attacker-chosen arguments, while the object is being reconstructed (this is how `__reduce__` works). Unpickling data from an untrusted source therefore gives the sender arbitrary code execution in the application process, which is why the pickle documentation itself warns never to do it.
It was determined that this web application unpickles data from user-controlled input.
Remediation
The pickle module is not intended to be secure against erroneous or maliciously constructed data, and no input validation performed after `pickle.loads()` returns can help, because the code has already run by then. Never unpickle data received from an untrusted or unauthenticated source. Prefer a data-only format such as JSON for anything that crosses a trust boundary. If pickle is unavoidable for data the application itself produced (sessions, caches, queued jobs), authenticate the bytes with an HMAC and verify it before unpickling, and keep the key out of the attacker's reach. Restricting the globals a stream may resolve (overriding `Unpickler.find_class`) raises the bar for opaque payloads but is a defence-in-depth measure, not a substitute for refusing untrusted pickles.
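The snippet below is an added example, not code from the scanned application or from this finding's original text. It places the vulnerable pattern (`pickle.loads` on user-controlled bytes) beside two hardened forms: an allow-listing unpickler based on the restricted-unpickler pattern from the pickle documentation, and HMAC-SHA256 authentication of pickles the application produced itself. The payload, the `attacker_callable`/`Gadget` names, `SIDE_EFFECTS`, and the `KEY` value are all constructed for illustration; a real payload would name `os.system` or `subprocess.Popen` instead of the harmless recording function used here.

```python
import builtins
import hashlib
import hmac
import io
import pickle

# --- The vulnerable pattern: pickle.loads on user-controlled bytes ---------

def load_untrusted(blob: bytes):
    """Equivalent of the finding: whatever callable the stream names is
    called during deserialization, before the caller can inspect anything."""
    return pickle.loads(blob)

# Constructed payload. __reduce__ tells the unpickler "call this callable
# with these arguments" to rebuild the object. A harmless recording
# function stands in for os.system so the example is safe to run.
SIDE_EFFECTS = []

def attacker_callable(marker):
    SIDE_EFFECTS.append(marker)
    return marker

class Gadget:
    def __reduce__(self):
        return (attacker_callable, ("code ran inside pickle.loads",))

def build_payload() -> bytes:
    return pickle.dumps(Gadget())

# --- Hardening 1: allow-list the globals a stream may reference ------------
# Restricted-unpickler pattern from the pickle documentation. Plain data
# (dict/list/str/int/...) never triggers find_class; any other module.name
# lookup, including attacker_callable above, is refused.
SAFE_BUILTINS = {"range", "complex", "set", "frozenset", "slice"}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def restricted_loads(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()

def restricted_rejects(blob: bytes) -> bool:
    """True if the allow-list unpickler refuses the stream."""
    try:
        restricted_loads(blob)
    except pickle.UnpicklingError:
        return True
    return False

# --- Hardening 2: only unpickle bytes the application itself produced ------
# HMAC-SHA256 over the pickle, verified before pickle.loads ever runs. This
# protects data you originated (sessions, caches), not arbitrary uploads,
# and anyone holding the key can still forge an executable pickle.
KEY = b"constructed-demo-key"  # hypothetical; load real keys from a secret store

def dumps_signed(obj, key: bytes = KEY) -> bytes:
    blob = pickle.dumps(obj)
    return hmac.new(key, blob, hashlib.sha256).digest() + blob

def loads_signed(signed: bytes, key: bytes = KEY):
    tag, blob = signed[:32], signed[32:]
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: refusing to unpickle")
    return pickle.loads(blob)

def signed_rejects(signed: bytes, key: bytes = KEY) -> bool:
    """True if MAC verification fails, so the bytes are never unpickled."""
    try:
        loads_signed(signed, key)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    # The vulnerable loader runs the attacker's callable just by loading.
    print(load_untrusted(build_payload()), SIDE_EFFECTS)
    # The allow-listing unpickler refuses the same bytes but loads plain data.
    print(restricted_rejects(build_payload()))
    print(restricted_loads(pickle.dumps({"user": "alice", "roles": [1, 2]})))
    # Authenticated pickles round-trip; forged or unsigned bytes are refused.
    print(loads_signed(dumps_signed({"user": "alice"})))
    print(signed_rejects(b"\x00" * 32 + build_payload()))
```

Note that the allow-list approach still lets an attacker drive the unpickler's stack machine with arbitrary plain data (memory exhaustion, deeply nested structures), and it does nothing against a payload that targets code reachable through the permitted names; it is a mitigation for pickles you must accept, not a licence to accept them.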
Related Vulnerabilities
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.34)
Magento Deserialization of Untrusted Data Vulnerability (CVE-2020-3716)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-19849)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.22)
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)