[Pandas-dev] Security Issue: read_pickle()

Tom Augspurger tom.w.augspurger at gmail.com
Thu Jul 28 08:18:30 EDT 2022


Hi Thomas,

You’ll notice that that report has been disputed (by us). read_pickle is
working as intended and the documentation describes the security
implications of using it.

Tom

On Jul 28, 2022 at 6:41:25 AM, Kranzkowski Thomas via Pandas-dev <
pandas-dev at python.org> wrote:

> Dear author team,
>
> While releasing a Python app, I did a security scan with Sonatype for the
> dependencies. It identified in every pandas version the same vulnerability
> for the *read_pickle()* function. This means every repo/app built with
> the function is attackable from the outside. Is this issue already known?
>
> Kind regards,
>
> Thomas
>
> AI Cloud Engineer
> _______________________________________________
> Pandas-dev mailing list
> Pandas-dev at python.org
> https://mail.python.org/mailman/listinfo/pandas-dev
>
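Since the thread turns on whether read_pickle's behaviour is a bug or a documented risk, the following is an added illustration (not code from the thread or from pandas) of why loading a pickle from an untrusted source is unsafe and of the standard library's recommended mitigation, an Unpickler whose find_class only resolves allowlisted globals. The RunsOnLoad class and the contents of SAFE_GLOBALS are constructed for the demo and are not part of any project.

```python
import io
import os
import pickle


class RunsOnLoad:
    """Constructed, harmless stand-in for a pickle that executes code on load:
    pickle.loads() calls os.getcwd() while rebuilding this object, and the
    call's return value replaces the object. A hostile pickle names a more
    dangerous callable; the mechanism is identical."""

    def __reduce__(self):
        return (os.getcwd, ())


# Hypothetical allowlist of (module, name) pairs the loader may resolve.
# Extend it with the classes your own pickles legitimately contain.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
    ("datetime", "date"),
    ("datetime", "datetime"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Pattern from the Python pickle docs ("Restricting Globals"): every
    GLOBAL/STACK_GLOBAL opcode goes through find_class, so refusing unknown
    names there stops the pickle from reaching arbitrary callables."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    payload = pickle.dumps(RunsOnLoad())
    # Unrestricted load: os.getcwd() runs during load; we get its result back.
    unrestricted = pickle.loads(payload)
    # Restricted load: os.getcwd is not allowlisted, so the load is refused.
    try:
        restricted_loads(payload)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    # Plain containers need no global lookups, so they still load fine.
    benign = restricted_loads(pickle.dumps({"a": 1, "b": [1, 2]}))
    return unrestricted == os.getcwd(), blocked, benign
```

pandas.read_pickle offers no hook for a custom Unpickler, so for DataFrame pickles the practical control remains the one its documentation gives: only load pickle files that come from a source you trust.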