Python object deserialization of user-supplied data

Description
  • It was determined that your web application is performing Python object deserialization (using the pickle library) of user-supplied data. Arbitrary object deserialization is inherently unsafe, because a crafted pickle stream can cause arbitrary code to run while it is being loaded, and should never be performed on untrusted data. Consult the Web references section for more information about this issue.
Remediation
  • The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
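
The flagged pattern beside two remediations, as an added example that is not part of the original advisory or of any scanned application: JSON with field validation for data the client supplies, and an HMAC check that must pass before `pickle.loads()` is reached for state the server itself produced. The cookie layout, the field names (`theme`, `page_size`), the function names and `SECRET_KEY` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, pickle

# Assumption: a server-side secret; constructed value for this example only.
SECRET_KEY = b"example-only-key-load-from-a-secret-store"
TAG_LEN = hashlib.sha256().digest_size

def load_prefs_unsafe(cookie: str):
    """The flagged pattern: pickle.loads() on bytes the client controls."""
    return pickle.loads(base64.b64decode(cookie))

def load_prefs_json(cookie: str) -> dict:
    """Replacement for user-supplied data: JSON yields plain data types only."""
    try:
        data = json.loads(base64.b64decode(cookie, validate=True))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("malformed preferences cookie") from exc
    # Validate shape and values explicitly; reject anything unexpected.
    if not isinstance(data, dict) or set(data) != {"theme", "page_size"}:
        raise ValueError("unexpected fields")
    if data["theme"] not in ("light", "dark"):
        raise ValueError("invalid theme")
    if type(data["page_size"]) is not int or not 1 <= data["page_size"] <= 200:
        raise ValueError("invalid page_size")
    return data

def dump_signed(obj) -> bytes:
    """Server-generated state only: prepend an HMAC-SHA256 tag to the pickle."""
    body = pickle.dumps(obj)
    return hmac.new(SECRET_KEY, body, hashlib.sha256).digest() + body

def load_signed(blob: bytes):
    """Authenticate first; pickle.loads() runs only if the tag verifies."""
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("signature mismatch, refusing to unpickle")
    return pickle.loads(body)
```

The HMAC variant only authenticates the source: it is safe as long as the key stays secret and every signed blob was pickled by the server from its own objects. Prefer the JSON form wherever the data crosses a trust boundary.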
References