Launchpad.net

CVE 2014-3539

base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.

See the CVE page on Mitre.org for more details.