Deserialization of Untrusted Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-502: Deserialization of Untrusted Data |
| OWASP | A08:2017 - Insecure Deserialization |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Calling Connection.recv() on a connection object from Python’s multiprocessing module can be unsafe because recv() unpickles whatever bytes it receives before returning them. If the other end of the connection is an untrusted source, the sender controls the pickle stream, and unpickling attacker-controlled data can lead to execution of malicious code.
Impact
An attacker who can send data to the process could exploit this to execute arbitrary code within your application, potentially leading to data theft, corruption, or full system compromise.
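The following is an added example, not part of the original rule text: it shows two defensive replacements for a bare Connection.recv(). The first keeps pickle off the wire entirely by pairing send_bytes()/recv_bytes() with JSON; the second, for peers that must keep sending pickle, uses the allow-listing find_class() pattern from the Python pickle documentation so that any global reference in the stream is rejected instead of resolved. MAX_MESSAGE_BYTES and SAFE_BUILTINS are constructed values, and demo() runs both Pipe ends in one process.

```python
import io
import json
import pickle
from multiprocessing import Pipe

MAX_MESSAGE_BYTES = 1 << 20  # constructed cap: refuse oversized frames before parsing them


def send_json(conn, obj):
    """Send plain data as a JSON frame; nothing pickled goes on the wire."""
    conn.send_bytes(json.dumps(obj).encode("utf-8"))


def recv_json(conn):
    """recv_bytes() returns raw bytes without unpickling, so a hostile frame
    can at worst fail to decode (ValueError); it cannot run code."""
    raw = conn.recv_bytes(MAX_MESSAGE_BYTES)
    return json.loads(raw.decode("utf-8"))


SAFE_BUILTINS = {"set", "frozenset", "range", "slice", "complex"}  # constructed allow-list


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed builtins; every other global is refused."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(__import__("builtins"), name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def recv_restricted(conn):
    """Read the frame with recv_bytes(), then unpickle it under the allow-list."""
    raw = conn.recv_bytes(MAX_MESSAGE_BYTES)
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def demo():
    """Constructed in-process round trip: both Pipe ends live in this process."""
    a, b = Pipe()
    out = {}
    send_json(a, {"cmd": "ping", "n": 3})
    out["json_ok"] = recv_json(b)
    a.send({"cmd": "ping"})  # a legacy pickle frame arriving at the JSON receiver
    try:
        recv_json(b)
        out["pickle_rejected"] = False
    except ValueError:  # UnicodeDecodeError / JSONDecodeError
        out["pickle_rejected"] = True
    a.send([1, 2, {"k": "v"}])  # pickle of plain data needs no globals, so it is accepted
    out["restricted_ok"] = recv_restricted(b)
    a.send(json.dumps)  # a function is pickled as a global reference, which find_class blocks
    try:
        recv_restricted(b)
        out["global_blocked"] = False
    except pickle.UnpicklingError:
        out["global_blocked"] = True
    a.close()
    b.close()
    return out
```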