Using CookieJar.load() with untrusted input may allow arbitrary code execution.

Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.

If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitise the files before loading.

Patch: https://github.com/aio-libs/aiohttp/commit/dcf40f30637e8752c76781cf6703b5a236749a00