The application may convert user-controlled data into an object, which can lead to an insecure deserialization vulnerability. An attacker can create a malicious serialized object, pass it to the application, and take advantage of the deserialization process to perform Denial-of-service (DoS), Remote code execution (RCE), or bypass access control measures. A number of functions and packages in the torch module rely on the pickle module and should not be used to unpackage data from untrusted sources. Likelihood: MEDIUM Confidence: HIGH CWE: - CWE-502: Deserialization of Untrusted Data
OWASP: - A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures