GHSA-h8p4-p3hv-mq9r

Описание

Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes.