The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-06T18:00:00

Updated: 2019-06-21T21:06:03

Reserved: 2016-04-05T00:00:00


Link: CVE-2016-3957

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2018-02-06T18:29:00.400

Modified: 2019-06-21T22:15:10.623


Link: CVE-2016-3957

JSON object: View

cve-icon Redhat Information

No data.

CWE