Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.