http://simonwillison.net/2009-09-09T23:04:31+00:00Simon Willison2009-09-09T23:04:31+00:002009-09-09T23:04:31+00:00https://simonwillison.net/2009/Sep/9/pickle/#atom-tag

<p><strong><a href="http://nadiana.com/python-pickle-insecure">Why Python Pickle is Insecure</a></strong></p> Because pickle is essentially a stack-based interpreter, so you can put os.system on the stack and use it to execute arbitrary commands. <p>Tags: <a href="https://simonwillison.net/tags/pickle">pickle</a>, <a href="https://simonwillison.net/tags/python">python</a>, <a href="https://simonwillison.net/tags/security">security</a></p>