Python Pickle RCE: The Architecture of Deserialization Exploits
A deep technical breakdown of the Python Pickle Virtual Machine (PVM), the __reduce__ magic method, and how ML models are weaponized for Remote Code Execution.
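As an added example (standard library only, not the article's own code) of the mechanism the summary names: a class whose `__reduce__` hands the PVM a callable plus arguments, the opcode-level scan that exposes the `GLOBAL`/`STACK_GLOBAL` and `REDUCE` pair without executing the stream, and a deny-by-default `find_class`. The names `EvalGadget`, `build_payload`, `referenced_globals`, `RestrictedUnpickler` and the contents of its allowlist are assumptions chosen for illustration; `builtins.eval` stands in for `os.system` or `subprocess.Popen` so that the run is deterministic and side-effect free.

```python
"""Added example: a pickle __reduce__ gadget, a static opcode scan, and a
restricted Unpickler. Standard library only; all names are illustrative."""
import builtins
import io
import pickle
import pickletools


class EvalGadget:
    """Serialises to a pickle that calls builtins.eval(expr) when loaded.

    __reduce__ returns (callable, args). The pickler emits a GLOBAL (or
    STACK_GLOBAL) opcode for the callable, the args as a tuple, then REDUCE;
    on load the PVM performs callable(*args). The victim never needs this
    class: the bytes alone carry the call. An attacker would use os.system
    or subprocess.Popen here; eval is used so the demo is deterministic.
    """

    def __init__(self, expr):
        self.expr = expr

    def __reduce__(self):
        return (builtins.eval, (self.expr,))


def build_payload(expr, protocol=3):
    """Attacker side (constructed): produce the malicious bytes."""
    return pickle.dumps(EvalGadget(expr), protocol=protocol)


def unsafe_load(data):
    """Victim side: a plain pickle.loads, which is what model loaders that
    wrap pickle ultimately do."""
    return pickle.loads(data)


def referenced_globals(data):
    """Static scan: (module, name) pairs imported by GLOBAL/STACK_GLOBAL.

    pickletools.genops only disassembles, it never runs the stream. The
    STACK_GLOBAL handling is a heuristic: it assumes the two most recent
    string pushes are the module and name, which holds for pickler output
    but can be confused by a hand-crafted stream (use find_class for the
    real control, this scan for triage).
    """
    found = []
    strings = []  # recent string arguments, consumed by STACK_GLOBAL (proto 4+)
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":  # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
    return found


def is_suspicious(data, allowed):
    """True if the stream imports any global outside the allowlist."""
    return any(g not in allowed for g in referenced_globals(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Deny-by-default find_class: the only reliable control point in the PVM,
    since every GLOBAL/STACK_GLOBAL resolution passes through it."""

    # Illustrative allowlist; a real one lists exactly the classes a model
    # file is expected to contain and nothing callable with attacker input.
    ALLOWED = {("builtins", "set"), ("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    payload = build_payload("6 * 7")
    print("globals referenced:", referenced_globals(payload))
    print("unsafe_load ->", unsafe_load(payload))  # eval ran: 42
    try:
        safe_load(payload)
    except pickle.UnpicklingError as exc:
        print("safe_load ->", exc)
```

Two caveats worth remembering when you write the allowlist: with protocol 2 or lower the pickler rewrites `builtins` to `__builtin__` for Python 2 compatibility, and that legacy name is what a `find_class` override sees before the default implementation maps it back, so an allowlist keyed only on `builtins` silently diverges between protocols; and the static scan is triage only, because opcodes such as `BUILD` and `INST`, and attribute-walking through allowed objects, can reach callables that never appear as a `GLOBAL` argument.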