Vulnerability CVE-2020-22083

Vulnerability CVE-2020-22083

Published: 2020-12-17

Description:

Type:

(Deserialization of Untrusted Data)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Affected software
Jsonpickle project -> Jsonpickle

https://access.redhat.com/security/cve/CVE-2020-22083

https://gist.github.com/j0lt-github/bb543e77a1a10c33cb56cf23d0837874

https://github.com/j0lt-github/python-deserialization-attack-payload-generator

https://github.com/jsonpickle/jsonpickle/issues/332

https://github.com/jsonpickle/jsonpickle/issues/332#issuecomment-747807494

https://versprite.com/blog/application-security/into-the-jar-jsonpickle-exploitation/