Research

  • [X] I have searched the [pandas] tag on StackOverflow for similar questions.

  • [X] I have asked my usage related question on StackOverflow.

Link to question on StackOverflow

https://advisories.gitlab.com/advisory/advpypi_pandas_CVE_2020_13091.html

Question about pandas

The pandas package contains a Deserialization of Untrusted Data vulnerability. The read_pickle function in pickle.py does not perform any validation on user provided data prior to deserialization. An attacker can exploit this by submitting a maliciously crafted file that when deserialized can result in command injection.
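Two defensive patterns for the problem described above, added here as an illustration and not code from the issue or from pandas itself: a `pickle.Unpickler` subclass whose `find_class` only resolves an allowlist of globals (every reference to a module-level callable passes through that hook, so anything outside the allowlist is refused before it can be invoked), and an HMAC-SHA256 envelope that lets a loader prove a pickle came from a trusted producer before it is deserialized at all. The allowlist contents, the 32-byte tag layout and the caller-supplied key are assumptions of this example; the sample objects are constructed inline.

```python
import datetime
import hashlib
import hmac
import io
import pickle

# Assumed allowlist: (module, name) pairs the unpickler may resolve. Plain
# containers and scalars (dict, list, tuple, str, int, bytes) are built from
# opcodes and never reach find_class, so they need no entry here.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    find_class is the single point where a pickle stream turns a
    (module, name) pair into a live Python object; refusing here means a
    crafted stream cannot obtain any callable outside ALLOWED_GLOBALS.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Deserialize untrusted bytes under the allowlist; raises on refusal."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_restricted_loads(data: bytes):
    """Return (True, obj) on success or (False, reason) so refusals can be logged."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


TAG_LEN = hashlib.sha256().digest_size  # 32 bytes, assumed envelope layout: tag || body


def sign_pickle(obj, key: bytes) -> bytes:
    """Serialize obj and prefix it with an HMAC-SHA256 tag under key."""
    body = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return tag + body


def is_authentic(blob: bytes, key: bytes) -> bool:
    """Constant-time check that blob carries a valid tag for its body."""
    if len(blob) < TAG_LEN:
        return False
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def verified_loads(blob: bytes, key: bytes):
    """Deserialize only after the tag verifies; otherwise refuse without touching pickle."""
    if not is_authentic(blob, key):
        raise ValueError("pickle signature mismatch: refusing to deserialize")
    return pickle.loads(blob[TAG_LEN:])


if __name__ == "__main__":
    # Constructed sample inputs.
    plain = pickle.dumps({"rows": [1, 2, 3], "name": "constructed"})
    print(try_restricted_loads(plain))            # (True, {...})
    dated = pickle.dumps(datetime.date(2020, 1, 1))   # needs datetime.date, not allowlisted
    print(try_restricted_loads(dated))            # (False, 'global datetime.date is forbidden')

    key = b"constructed-demo-key"                 # placeholder, not a real secret
    blob = sign_pickle({"rows": [1, 2, 3]}, key)
    print(verified_loads(blob, key))
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])
    print(is_authentic(tampered, key))            # False
```

For pandas objects the allowlist approach is impractical, because a pickled `DataFrame` references many pandas-internal constructors; the HMAC envelope is the usable pattern there: verify `blob` with `is_authentic`, then hand `io.BytesIO(blob[TAG_LEN:])` to `pd.read_pickle`, which accepts a file-like object. Where the producer cannot be authenticated at all, a non-executable interchange format such as CSV or Parquet removes the deserialization surface entirely.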

Comment From: MarcoGorelli

Thanks for the report.

Closing for now as a dupe of https://github.com/pandas-dev/pandas/issues/36256 and https://github.com/pandas-dev/pandas/issues/48049