CVE-2018-14400 in pycparser
الملخص
بحسب MITRE
In pycparser, a pickle.load call (within the read_pickle function of the LRTable class in yacc.py) on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.