CVE-2021-47952: Python jsonpickle 2.0.0 allows attackers to execute system commands
Summary
An attacker who can supply JSON to a Python application that deserializes it with jsonpickle 2.0.0 can execute arbitrary Python code and, through it, run system commands. This could lead to unauthorized access or data theft. Update to a secure version of jsonpickle as soon as possible to prevent exploitation.
Original title
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects...
Original description
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute arbitrary code.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-94
Code Injection
Published: 16 May 2026 · Updated: 31 May 2026 · First seen: 16 May 2026
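A pre-deserialization screen for the py/repr directive described above, as an added example (not code from jsonpickle or from this advisory). The names `screen`, `ALWAYS_REJECT` and `allowed_tags` are assumptions for illustration and the sample inputs are constructed; the screen limits exposure on input that must be accepted before the library is updated and does not replace the update.

```python
import json

TAG_PREFIX = "py/"            # prefix shared by jsonpickle's directive keys
ALWAYS_REJECT = {"py/repr"}   # the directive this advisory ties to eval()

# Constructed sample inputs; the py/repr values are inert placeholders.
CLEAN = '{"user": "alice", "roles": ["admin", "ops"]}'
TAGGED = '{"job": {"args": [{"py/repr": "constructed-placeholder"}]}}'
DUPLICATE = '{"a": 1, "a": {"py/repr": "constructed-placeholder"}}'


def screen(raw, allowed_tags=frozenset()):
    """Parse untrusted JSON; return (accepted, findings).

    allowed_tags (an assumption of this example) lists directives the
    application expects; ALWAYS_REJECT entries are refused even if listed.
    """
    findings = []

    def check_pairs(pairs):
        # Called for every JSON object, so nested and duplicated keys are
        # seen before dict() would silently drop the earlier duplicates.
        seen = set()
        for key, _ in pairs:
            if key in seen:
                findings.append(("duplicate-key", key))
            seen.add(key)
            if key.startswith(TAG_PREFIX) and (
                key in ALWAYS_REJECT or key not in allowed_tags
            ):
                findings.append(("directive", key))
        return dict(pairs)

    try:
        json.loads(raw, object_pairs_hook=check_pairs)
    except (ValueError, RecursionError) as exc:
        return False, [("unparsable", type(exc).__name__)]
    return not findings, findings


if __name__ == "__main__":
    for name, raw in [("clean", CLEAN), ("tagged", TAGGED), ("dup", DUPLICATE)]:
        accepted, findings = screen(raw)
        print(name, "accepted" if accepted else "rejected", findings)
```

Call `screen` on the raw request body and hand the input to the deserializer only when it returns `True`; log the findings list for rejected input.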