CVE-2021-47952: python jsonpickle 2.0.0 Remote Code Execution via py/repr
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute arbitrary code.
Security readout for executives and security teams
Plain-English summary
CVE-2021-47952 is a critical remote code execution issue in python jsonpickle 2.0.0. If an application deserializes attacker-controlled JSON containing py/repr objects, code may run on the server. Treat this as urgent for any internet-facing or partner-facing service that accepts JSON and uses jsonpickle.
Executive priority
High priority if jsonpickle 2.0.0 exists in externally reachable applications. The potential business impact is full compromise of confidentiality, integrity, and availability. Assign urgent dependency review and remediation ownership, but avoid declaring active exploitation unless new intelligence confirms it.
Technical view
The reported flaw is unsafe deserialization in jsonpickle 2.0.0 involving py/repr handling. Malicious JSON can cause eval-like behavior during deserialization, enabling arbitrary Python command execution. The source bundle maps this to CWE-502 and CWE-94 with CVSS 9.8. No affected versions beyond 2.0.0 are stated in the provided sources.
Likely exposure
Exposure depends on whether applications use python jsonpickle 2.0.0 to decode JSON from untrusted users, APIs, queues, files, or integrations. Highest concern is services reachable over a network that deserialize external input. Systems not using jsonpickle, not on 2.0.0, or only processing trusted data are less likely exposed.
Exploitation context
An ExploitDB reference exists, so public exploit information is available. The provided bundle does not show CISA KEV listing or confirmed active exploitation. Attack feasibility appears high from the CVSS vector: network access, low complexity, no privileges, and no user interaction.
Researcher notes
Evidence is strong for vulnerability existence and severity in jsonpickle 2.0.0, including CVE, VulnCheck, and ExploitDB references. The provided sources do not name a patched version or confirm active exploitation. Validate real exposure by tracing deserialization boundaries, not only by package presence.
Mitigation direction
Inventory Python applications for jsonpickle usage and version 2.0.0.
Prioritize internet-facing, API, worker, and integration services handling external JSON.
Check jsonpickle project and vendor advisories for fixed versions or official guidance.
Do not deserialize untrusted JSON with jsonpickle until remediated.
Restrict affected endpoints and processing paths where immediate upgrade is not possible.
Review Red Hat advisories if relying on Red Hat-packaged components.
Validation and detection
Search dependency manifests, lockfiles, containers, and SBOMs for jsonpickle 2.0.0.
Confirm whether code paths call jsonpickle deserialization on untrusted input.
Map exposed APIs, queues, file imports, and partner feeds to affected code paths.
Check runtime environments for bundled or vendored jsonpickle copies.
Review logs for unexpected deserialization errors or suspicious Python execution indicators.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-502: Code execution behavior lookup
Code execution and unsafe deserialization weaknesses often justify reviewing execution behavior and process telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Code execution and unsafe deserialization weaknesses often justify reviewing execution behavior and process telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
3CVSS vectors
5Timeline events
2ADP providers
8Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: total
CVSS vector scores
3 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-502 · source CWE mapping
Deserialization of Untrusted Data
Deserialization of Untrusted Data represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Improper Control of Generation of Code ('Code Injection')
Improper Control of Generation of Code ('Code Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.