Another Supply-Chain Vulnerability: RCE in Python’s PyPI Repo

Preface (日本語版も公開されています。) While PyPI has a security page, they don’t have a clear policy for vulnerability assessments.1 This article describes the vulnerabilities that were reported as potential vulnerabilities, using publicly available information. This … Read more


Python’s Pickle’s Nine Flaws

Python’s pickle module is a very convenient way to serialize and de-serialize objects. It needs no schema, and can handle arbitrary Python objects. But it has problems. This post briefly explains the problems. (more…)

Read more »