While this report directly addresses the two areas where a user of Calibre can be potentially tricked into directly triggering a malicious pickle, there is a very dangerous pattern of using pickle throughout the entire codebase. This should be modified in favour of safer serialisation methods like JSON.
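As an added illustration of the migration recommended above (this is example code, not Calibre's own), the block below shows the two halves of the fix for cache-style data: plain records are serialised with JSON, whose loader can only ever produce strings, numbers, lists and dicts, and any legacy pickle that still has to be read goes through an `Unpickler` subclass that refuses to resolve any global, so the stream cannot cause an import or a call. The record layout, the `RestrictedUnpickler` name and the helper functions are assumptions made for the example.

```python
"""
Added example (not Calibre's code): JSON in place of pickle for plain data,
plus a restricted unpickler for legacy files that must still be read.
The record layout below is constructed for illustration.
"""
import datetime
import io
import json
import pickle

# Constructed sample of the kind of simple data a cache might hold.
SAMPLE_RECORD = {"title": "Example Book", "authors": ["A. Author"], "size": 12345}


def dump_json(record):
    """Serialise plain data (dicts, lists, str, int, ...) as UTF-8 JSON.
    The loader can only rebuild those same plain types, never arbitrary objects,
    so a tampered file can at worst yield wrong values, not code execution."""
    return json.dumps(record, sort_keys=True).encode("utf-8")


def load_json(blob):
    """Inverse of dump_json."""
    return json.loads(blob.decode("utf-8"))


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve *any* global name.

    pickle.loads() imports and calls whatever the stream asks for; overriding
    find_class to raise turns every such request into an UnpicklingError, so
    only primitive containers survive.  Use only where an existing pickle
    format cannot be migrated to JSON yet."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from untrusted pickle"
        )


def load_legacy_pickle(blob):
    """Load a legacy pickle while rejecting any stream that needs an import."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def is_plain_pickle(blob):
    """True if the pickle contains only primitive data (no globals at all)."""
    try:
        load_legacy_pickle(blob)
        return True
    except pickle.UnpicklingError:
        return False


if __name__ == "__main__":
    print(load_json(dump_json(SAMPLE_RECORD)) == SAMPLE_RECORD)   # True
    print(is_plain_pickle(pickle.dumps(SAMPLE_RECORD)))          # True
    # Even a harmless object such as a date needs an import to rebuild,
    # which is exactly what the restricted loader refuses.
    print(is_plain_pickle(pickle.dumps(datetime.date(2020, 1, 1))))  # False
```

The restricted unpickler is a stop-gap for reading files an old version already wrote; the durable fix is the JSON path, since data that cannot be expressed as JSON types is also data that should not be coming from a file a user can be tricked into opening.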