pickle does not perform any authentication or security checks on objects it deserializes. This means that if a picked object is not stored securely, or received from an untrusted source, it could be replaced with any object, including an object which executes the attacker’s code when the object is deserialized or used. Many serialization functions suffer from this problem, but
pickle is particularly easy to exploit.
There is currently no safe alternative to
pickle in Python, so it is best to avoid using it. This can often be done by transmitting or storing particular data in an object (such as strings), instead of transmitting or storing the object itself. If it is necessary to use serialization, make sure to store serialized objects with appropriate permissions on the filesystem so that they cannot be accessed by other applications, and to use encryption and authentication, such as SSL when transmitting them.