CVE-2019-17206: Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.
Summary
CVE-2019-17206 is a vulnerability in rediswrapper (a Redis wrapper library) before version 0.3.0 that allows attackers to execute arbitrary scripts through uncontrolled deserialization of pickled objects. Pickle is a Python serialization format whose deserialization can run code, so it is unsafe whenever the data comes from an untrusted source. The vulnerability is in the models.py file and is caused by unsafe handling of serialized data.
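The following is an added example, not rediswrapper's code and not a description of how 0.3.0 fixed the issue: a restricted unpickler (the `find_class` override documented in Python's `pickle` module) that refuses every global lookup, so a pickled value can only decode to built-in scalars and containers. The names `safe_loads`, `audit_values`, `BlockedGlobal` and the sample values are constructed for illustration.

```python
import collections
import io
import pickle


class BlockedGlobal(pickle.UnpicklingError):
    """Raised when a pickle stream asks the unpickler to import a name."""


class PrimitivesOnlyUnpickler(pickle.Unpickler):
    # find_class() is the hook pickle calls to resolve module.name references.
    # Refusing all of them leaves only values built directly by opcodes, such
    # as None, bool, int, float, str, bytes, list, tuple, dict and set.
    def find_class(self, module, name):
        raise BlockedGlobal(f"{module}.{name}")


def safe_loads(blob):
    """Decode a pickle without ever importing or calling anything."""
    return PrimitivesOnlyUnpickler(io.BytesIO(blob)).load()


def audit_values(values):
    """Map each key to 'ok', 'rejected: <global>' or 'malformed: <error>'."""
    report = {}
    for key, blob in values.items():
        try:
            safe_loads(blob)
            report[key] = "ok"
        except BlockedGlobal as exc:
            report[key] = f"rejected: {exc}"
        except Exception as exc:  # truncated or non-pickle bytes
            report[key] = f"malformed: {type(exc).__name__}"
    return report


# Constructed sample: bytes as they might be read back from a Redis store.
SAMPLE_VALUES = {
    "counter": pickle.dumps(42),
    "settings": pickle.dumps({"theme": "dark", "tags": ["a", "b"]}),
    "session": pickle.dumps(collections.OrderedDict(user="alice")),
    "truncated": pickle.dumps([1, 2, 3])[:-1],
}

if __name__ == "__main__":
    for key, verdict in audit_values(SAMPLE_VALUES).items():
        print(f"{key}: {verdict}")
```

Even a harmless class such as `collections.OrderedDict` is rejected, because any global reference in the stream is treated as untrusted.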
Solution / Mitigation
Upgrade to rediswrapper version 0.3.0 or later. The fix is available in the release at https://github.com/frostming/rediswrapper/releases/tag/v0.3.0 and was implemented in pull request https://github.com/frostming/rediswrapper/pull/1.
Vulnerability Details
CVSS: 9.8 (critical)
EPSS: 0.7%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2019-17206
First tracked: February 15, 2026 at 08:53 PM