rpc.py is vulnerable to remote code execution. Although the PickleSerializer, whose decode function is in serializers.py, is not enabled by default, an attacker can cause the data to be processed with unpickle by providing a malicious HTTP header.
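
The pattern described above, as an added example that is not rpc.py's own code: a simplified model in which a request header chooses the decoder, next to a hardened selector that honours only a server-side allow-list. The header name `serializer`, the class and function names, and the 415 status are assumptions made for illustration.

```python
import json
import pickle

# Simplified model of header-driven serializer selection.
# All names here are illustrative; the header name "serializer" is an assumption.
class JSONSerializer:
    name = "json"
    def decode(self, data: bytes):
        return json.loads(data)

class PickleSerializer:
    name = "pickle"
    def decode(self, data: bytes):
        return pickle.loads(data)  # unsafe when the bytes come from a client

SERIALIZERS = {s.name: s for s in (JSONSerializer(), PickleSerializer())}
DEFAULT = "json"  # pickle is registered but is not the default

def select_vulnerable(headers: dict):
    """Weak pattern: the client's header picks any registered serializer."""
    return SERIALIZERS[headers.get("serializer", DEFAULT)]

class UnsupportedSerializer(Exception):
    pass

def select_hardened(headers: dict, allowed=frozenset({"json"})):
    """Hardened: only formats the server operator approved can be selected."""
    name = headers.get("serializer", DEFAULT).strip().lower()
    if name not in allowed or name not in SERIALIZERS:
        raise UnsupportedSerializer(name)
    return SERIALIZERS[name]

def handle(headers: dict, body: bytes, select=select_hardened):
    """Return (status, value); 415 when the requested format is refused."""
    try:
        return 200, select(headers).decode(body)
    except UnsupportedSerializer:
        return 415, None
```

Removing the pickle decoder from the registry entirely is the stronger fix where no trusted client needs it; the allow-list covers deployments that must keep it for authenticated internal callers.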