Diogotcorreia

**Name of the Vulnerable Software and Affected Versions** DeepDiff versions 5.0.0 through 8.6.0 **Description** DeepDiff is a Python project for deep difference and search of data. Versions 5.0.0 through 8.6.0 are susceptible to class pollution through the `Delta` class constructor. When combined with a gadget in `DeltaDiff`, this can lead to Denial of Service and Remote Code Execution via insecure Pickle deserialization. The gadget allows modification of `deepdiff.serialization.SAFE TO IMPORT` to permit dangerous classes, such as `posix.system`, enabling the execution of arbitrary Python code through user-controlled input to the `Delta` class. **Recommendations** Update to DeepDiff version 8.6.1 or later.