Jsonpickle · Jsonpickle · CVE-2020-22083
**Name of the Vulnerable Software and Affected Versions**
jsonpickle versions 1.4.1 and earlier
**Description**
The issue allows remote code execution during deserialization of a malicious payload through the `decode()` function. It has been argued that this is expected and clearly documented behavior, as pickle is known to be capable of causing arbitrary code execution and must not be used with un-trusted data.
**Recommendations**
For jsonpickle versions 1.4.1 and earlier, consider disabling the `decode()` function until a patch is available or ensure that it is only used with trusted data to minimize the risk of exploitation.