{"id":"PYSEC-2019-116","details":"Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.","aliases":["CVE-2019-17206","GHSA-vrcf-g539-x6h3"],"modified":"2023-11-08T04:01:23.008031Z","published":"2019-10-05T23:15:00Z","references":[{"type":"WEB","url":"https://github.com/frostming/rediswrapper/pull/1"},{"type":"WEB","url":"https://github.com/frostming/rediswrapper/releases/tag/v0.3.0"},{"type":"WEB","url":"https://github.com/frostming/rediswrapper/compare/v0.2.1...v0.3.0"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-vrcf-g539-x6h3"}],"affected":[{"package":{"name":"rediswrapper","ecosystem":"PyPI","purl":"pkg:pypi/rediswrapper"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.0"}]}],"versions":["0.1.0","0.2.0","0.2.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/rediswrapper/PYSEC-2019-116.yaml"}}],"schema_version":"1.7.3"}