python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute arbitrary code.
References
Configurations
No configuration.
History
27 Jun 2026, 05:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-502 | |
| References |
|
26 May 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute arbitrary code. |
16 May 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-16 16:16
Updated : 2026-06-27 05:16
NVD link : CVE-2021-47952
Mitre link : CVE-2021-47952
CVE.ORG link : CVE-2021-47952
JSON object : View
Products Affected
No product.
