🗄️ FileVault — Document Server

PRACIVO LAB — INTENTIONALLY VULNERABLE
⚠️ Pracivo Security Lab — LFI in /view, path traversal in /download, insecure deserialization in /deserialize.

Object Deserializer

The server deserializes base64-encoded Python pickle objects. This is extremely dangerous.

The default payload is a safe dict. The danger is that a malicious pickle can run any Python code on the server when it is deserialized. Try creating your own pickle with: pickle.dumps({"role":"admin"})
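A hardened counterpart to the deserializer described above, as an added example that is not the lab's own code: it decodes the base64 input and unpickles it with every global lookup refused, so only plain data such as the default dict loads. The names DataOnlyUnpickler, safe_deserialize and try_deserialize are assumptions, and both sample payloads are constructed.

```python
import base64
import io
import pickle


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so only plain data loads."""

    def find_class(self, module, name):
        # Every class or function referenced by a pickle stream is resolved
        # through find_class. Refusing here means the stream can only build
        # built-in containers and scalars (dict, list, str, int, ...).
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def safe_deserialize(b64_payload: str):
    """Decode strict base64, then unpickle with global lookups disabled."""
    raw = base64.b64decode(b64_payload, validate=True)
    return DataOnlyUnpickler(io.BytesIO(raw)).load()


def try_deserialize(b64_payload: str):
    """Return (ok, value_or_reason) so a request handler can log rejections."""
    try:
        return True, safe_deserialize(b64_payload)
    except Exception as exc:
        # Malformed streams raise assorted exception types; treat all of
        # them as a rejected payload rather than letting them propagate.
        return False, str(exc)


# Constructed sample 1: the plain dict from the page, base64-encoded.
PLAIN_DICT = base64.b64encode(pickle.dumps({"role": "admin"})).decode()

# Constructed sample 2: a harmless pickle that references a global
# (the built-in len). It stands in for any stream that names a callable.
WITH_GLOBAL = base64.b64encode(pickle.dumps(len)).decode()


if __name__ == "__main__":
    print(try_deserialize(PLAIN_DICT))   # plain data is accepted
    print(try_deserialize(WITH_GLOBAL))  # global reference is rejected
```

Refusing globals removes the code-execution path but does not bound the memory or CPU a crafted stream can consume. When the data is only dicts, lists and scalars, parsing it with json.loads avoids pickle altogether.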