Parso could allow arbitrary code execution


14 Jun 2019


3 - HIGH

CVSSv3 score



images/s/-u524h5/8501/61630d2d4f75946459caa0b3dbdac9bd6d7a7de4/_/images/icons/emoticons/check.svg 2.6.0


Parso versions 0.4.0 and earlier are vulnerable to deserialization of untrusted data.
The Parso Python library enables Python code parsing and autocomplete.
It is used by IPython, which is a dependency of the eiq-platform shell platform command and its set of sub-commands.

The vulnerability affects grammar parsing from the cache. Cache loading relies on pickle. Pickle is not secure against erroneous or maliciously constructed data.

To exploit the vulnerability, attackers must be able to create a folder, and to write files to the target system.
A proof of concept demonstrates how the exploit could leverage the vulnerability:

  1. Guess the path to a cache file.

  2. Write an evil pickled object to it.

  3. Load the parsing grammar.

  4. During grammar loading, the exploit makes the vulnerable application load the evil pickle to enable arbitrary code execution.


Make sure that platform access through SSH, and that platform shell usage are restricted:

  • Enforce strict access control on who is authorized to connect to a platform instance through SSH.

  • Enforce strict access control on who is authorized to access and use eiq-platform shell.

  • Do not unpickle data received from an untrusted or from an unauthenticated data source.

At the moment, it is not possible to globally upgrade Parso, because it occurs at least once as a sub-dependency.
Sub-dependencies are indirect dependencies of other third-party dependencies.

We cannot control these dependencies.
We address these issues as soon as eligible third-party patches become available through their respective vendors, owners, or official maintainers.

Affected versions

2.5.0 and earlier.


For more information, see:

< Back to all security issues and mitigation actions

In release notes 2.5.0

In release notes 2.6.0