ZODB, on which we are based, uses Python pickles, which are known to be insecure in terms of arbitrary code execution (and jsonpickle doesn't help). We could be affected by this problem if multiple users are allowed to write to the same database and one of them is compromised.
We will switch to some other object serialization for now, but according to @jimfulton, a quick workaround exists:
> This bit is a bit overblown since this can be locked down, which ZODB does some.
> There's a storage implementation somewhere that allows you to specify a globals whitelist.
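To make the "globals whitelist" idea concrete, here is an added example at the level of the standard-library `pickle` module. It is not ZODB's storage implementation and not the workaround @jimfulton refers to; it shows the mechanism such a storage would rely on: `pickle.Unpickler.find_class` is the only hook through which a pickle can name a module-level object, so restricting it to an explicit set of `(module, name)` pairs stops a pickle from reaching `os.system`, `subprocess.Popen`, `builtins.eval` and friends. `Document`, `Payload`, `ALLOWED_GLOBALS` and `RestrictedUnpickler` are hypothetical names chosen for the example; the malicious pickle is constructed inline and calls `os.getcwd` as a harmless stand-in for a real payload.

```python
import io
import os
import pickle


class Document:
    """Hypothetical application record standing in for a persistent object."""

    def __init__(self, title, body):
        self.title = title
        self.body = body

    def __eq__(self, other):
        return isinstance(other, Document) and (
            (self.title, self.body) == (other.title, other.body)
        )


# Exact (module, name) pairs the unpickler may resolve. Whitelisting whole
# modules would be a mistake: allowing all of "builtins" hands out eval/exec.
# Document.__module__ is used rather than a literal so the entry stays correct
# whether this file runs as __main__ or is imported under another name.
ALLOWED_GLOBALS = frozenset({
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
    (Document.__module__, "Document"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not in ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global {module}.{name} is forbidden by the whitelist"
        )


def restricted_loads(data):
    """Drop-in replacement for pickle.loads that enforces the whitelist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Payload:
    """Constructed malicious object: its pickle does not restore state, it
    instructs the unpickler to call os.getcwd() (harmless stand-in for
    os.system). A compromised writer could store such an object in a shared
    database and have it run on every reader's unpickle."""

    def __reduce__(self):
        return (os.getcwd, ())


def benign_roundtrip():
    """A whitelisted application object survives the restricted unpickler."""
    doc = Document("notes", "hello")
    return restricted_loads(pickle.dumps(doc)) == doc


def unrestricted_runs_payload():
    """Plain pickle.loads executes the callable embedded in the payload."""
    return pickle.loads(pickle.dumps(Payload())) == os.getcwd()


def restricted_rejects_payload():
    """The restricted unpickler raises before the callable is ever resolved.
    Returns the error message, or None if the payload was (wrongly) accepted."""
    try:
        restricted_loads(pickle.dumps(Payload()))
    except pickle.UnpicklingError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("benign object round-trips:", benign_roundtrip())
    print("plain loads ran the payload:", unrestricted_runs_payload())
    print("restricted loads rejected it:", restricted_rejects_payload())
```

Two caveats a practitioner should keep in mind. First, the whitelist has to be exact pairs: a pickle that names `builtins.getattr` plus any whitelisted module object can walk back to arbitrary callables, so review every entry for what it lets the attacker call, not just what it lets them instantiate. Second, this only closes the `find_class` path; `copyreg`/`__reduce__` callables, `persistent_load` and extension-registry lookups are other hooks a serializer exposes and need the same treatment wherever they are wired in.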