Narcissistic Pickle Meister
    Severity: high

    Arbitrary Code Injection



    In xmlhttprequest-ssl before 1.6.2, when requests are sent synchronously (async=False), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.


    Upgrade to version 1.6.2 or later
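
To confirm the upgrade actually reached every installed copy, including transitive ones, the following added example (not part of the advisory or of the package's own code) scans a parsed package-lock.json for xmlhttprequest-ssl versions below 1.6.2. The sample lockfile is constructed and the package name "example-client" is hypothetical.

```javascript
const PACKAGE = "xmlhttprequest-ssl";
const FIXED = "1.6.2"; // first fixed release, per the advisory

// Compare numeric major.minor.patch only; a pre-release tag is ignored,
// so "1.6.2-rc.1" is treated as 1.6.2 (assumption made for brevity).
function lessThan(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Return every installed copy of PACKAGE older than FIXED.
function findVulnerable(lock) {
  const hits = [];
  const check = (name, meta, where) => {
    if (name === PACKAGE && meta.version && lessThan(meta.version, FIXED)) {
      hits.push({ where, version: meta.version });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      check(path.split("node_modules/").pop(), meta, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = trail ? `${trail} > ${name}` : name;
        check(name, meta, where);
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (package "example-client" is hypothetical).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/xmlhttprequest-ssl": { version: "1.6.3" },
  "node_modules/example-client/node_modules/xmlhttprequest-ssl": { version: "1.5.5" },
} };
console.log(findVulnerable(sampleV3));
```

A nested copy pinned by a dependency stays vulnerable even after the top-level package is upgraded, which is why the scan reports the install path of each hit.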


    Advisory timeline

    1. published

      Advisory Published
      May 4th, 2021
    2. reported

      Reported by Anonymous
      May 4th, 2021