Insecure Deserialization with Pickle in Pandas
Description
Functions that rely on pickle, such as `pandas.read_pickle`, can result in arbitrary code execution. Consider using a safer serialization method like JSON or MessagePack.
Examples
Insecure Code
```python
import pandas
pandas.read_pickle('example.pkl')  # unpickles the file contents
```
Secure Code
```python
import json
json.load(open('example.json'))  # parses data only
```
Remediation
Replace pickle with a safer serialization method such as JSON or MessagePack.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0216 |
| Category | Deserialization |
| Severity | CRITICAL |
| CWE | CWE-502 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | pickle, deserialization |
| OWASP | N/A |
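
The following is an added example, not the rule's own implementation: a small AST check that flags the call this rule targets even when pandas is imported under an alias. The names `TARGETS`, `dotted`, `find_read_pickle` and the `SAMPLE` source are assumptions made for illustration, and the check ignores scoping and reassignment of names.

```python
import ast

# Fully qualified names treated as the pickle-backed loader (assumed target list).
TARGETS = {"pandas.read_pickle", "pandas.io.pickle.read_pickle"}

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import pandas as pd
from pandas import read_pickle as rp
import json

df = pd.read_pickle("example.pkl")
df2 = rp(path)
cfg = json.load(open("example.json"))
'''

def dotted(node):
    """Flatten a Name/Attribute chain such as pd.io.pickle.f into 'pd.io.pickle.f'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join([node.id] + parts[::-1])
    return None  # e.g. a call on a subscript or on another call's result

def find_read_pickle(source):
    """Return sorted (line, call text) pairs for calls resolving to a TARGETS entry."""
    tree = ast.parse(source)
    aliases = {}  # local name -> what it is bound to, e.g. pd -> pandas
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    hits = []
    for node in ast.walk(tree):
        name = dotted(node.func) if isinstance(node, ast.Call) else None
        if not name:
            continue
        head, _, rest = name.partition(".")
        if head in aliases:
            resolved = aliases[head] + ("." + rest if rest else "")
            if resolved in TARGETS:
                hits.append((node.lineno, ast.unparse(node)))
    return sorted(hits)
```

Calling `find_read_pickle(SAMPLE)` reports lines 5 and 6 and leaves the `json.load` call on line 7 unflagged.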