Hacker News
Dangerous Pickles – Malicious Data Serialization in Python
(intoli.com)
31 points by foob on Dec 6, 2017
3 comments
calebm on Dec 6, 2017
It's quite simple: they are executable code.
philsnow on Dec 6, 2017
pickle is neat, but so is eval.
Doxin on Dec 8, 2017
And both are easily avoided with a little work.