pandas is a Python package providing data structures designed to make working with structured (tabular, multidimensional, potentially heterogeneous) and time series data both easy and intuitive.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). It can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call.
Note: This issue is disputed because the read_pickle() function is documented as unsafe.
There is no fixed version for
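
A pre-load triage check for the case described above, as an added example that is not part of the original advisory or of pandas itself: it lists the globals a pickle would import, without loading it, so unexpected ones can be reviewed before the file reaches read_pickle(). The names EXPECTED_PACKAGES, pickle_globals and unexpected_globals and the constructed samples are assumptions of this example; os.getcwd is a harmless stand-in for the os.system callable.

```python
import os
import pickle
import pickletools

# Assumption (example policy): top-level packages a pandas pickle is expected
# to reference. A prefix allow-list is a triage aid, not a sandbox.
EXPECTED_PACKAGES = {"pandas", "numpy"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}

def pickle_globals(data: bytes):
    """List the (module, name) pairs a pickle would import, without loading it."""
    found, recent, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):      # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
            recent = []
        elif op.name == "STACK_GLOBAL":        # protocol 4+: top two stack strings
            pair = tuple(recent[-2:])
            ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.append(pair if ok else ("<unresolved>", "<unresolved>"))
            recent = []
        elif op.name in STRING_OPS:
            recent.append(arg)
        elif op.name == "MEMOIZE":             # same index rule as the unpickler
            memo[len(memo)] = recent[-1] if recent else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = recent[-1] if recent else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            recent.append(memo.get(arg))
        else:
            recent = []                        # any other opcode: fail closed
    return found

def unexpected_globals(data: bytes):
    """Globals whose top-level package is outside EXPECTED_PACKAGES."""
    return [(m, n) for m, n in pickle_globals(data)
            if m.split(".")[0] not in EXPECTED_PACKAGES]

class ConstructedSample:
    """Constructed input: harmless stand-in for the __reduce__ case above."""
    def __reduce__(self):
        return (os.getcwd, ())

SAMPLE_REDUCE = {p: pickle.dumps(ConstructedSample(), protocol=p) for p in (2, 4)}
SAMPLE_PLAIN = pickle.dumps({"a": [1, 2, 3]}, protocol=4)

if __name__ == "__main__":
    print({p: unexpected_globals(b) for p, b in SAMPLE_REDUCE.items()})
```

A non-empty result means the file references a callable outside the expected packages and should not be loaded; an empty result does not prove the file is safe.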