STINNER Victor <vstin...@python.org> added the comment:
According to the Python Security Model, this issue is not security vulnerability: (*) https://python-security.readthedocs.io/security.html#python-security-model The marshal is not intended to be used to load untrusted code. That's why its documentation contains the red warning: "The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source." https://docs.python.org/dev/library/marshal.html ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue41208> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
