BUG: load fails when using pickle without allow_pickle=True

a partial mitigation of #12759. see also https://nvd.nist.gov/vuln/detail/CVE-2019-6446
author: Paul Ivanov <pivanov5@bloomberg.net> 2019-01-30 14:22:44 -0800
committer: Charles Harris <charlesr.harris@gmail.com> 2019-04-16 22:49:18 -0600
commit: a4df7e51483c78853bb33814073498fb027aa9d4 (patch)
tree: a9cdc264030b97da13eeb533224a206d5bf65643 /numpy/lib/npyio.py
parent: cc94f360febdef0e6c4183c50555ba82e60ccff6 (diff)
download: numpy-a4df7e51483c78853bb33814073498fb027aa9d4.tar.gz
1 files changed, 12 insertions, 5 deletions
diff --git a/numpy/lib/npyio.py b/numpy/lib/npyio.py
index d6d2a0c6c..ed2e26aac 100644
--- a/numpy/lib/npyio.py
+++ b/numpy/lib/npyio.py
@@ -146,7 +146,11 @@ class NpzFile(Mapping):
         An object on which attribute can be performed as an alternative
         to getitem access on the `NpzFile` instance itself.
     allow_pickle : bool, optional
-        Allow loading pickled data. Default: True
+        Allow loading pickled data. Default: False
+
+        .. versionchanged:: 1.16.3
+            Made default False in response to CVE-2019-6446.
+
     pickle_kwargs : dict, optional
         Additional keyword arguments to pass on to pickle.load.
         These are only useful when loading object arrays saved on
@@ -182,7 +186,7 @@ class NpzFile(Mapping):
 
     """
 
-    def __init__(self, fid, own_fid=False, allow_pickle=True,
+    def __init__(self, fid, own_fid=False, allow_pickle=False,
                  pickle_kwargs=None):
         # Import is postponed to here since zipfile depends on gzip, an
         # optional component of the so-called standard library.
@@ -285,7 +289,7 @@ class NpzFile(Mapping):
 
 
 @set_module('numpy')
-def load(file, mmap_mode=None, allow_pickle=True, fix_imports=True,
+def load(file, mmap_mode=None, allow_pickle=False, fix_imports=True,
          encoding='ASCII'):
     """
     Load arrays or pickled objects from ``.npy``, ``.npz`` or pickled files.
@@ -313,8 +317,11 @@ def load(file, mmap_mode=None, allow_pickle=True, fix_imports=True,
         Allow loading pickled object arrays stored in npy files. Reasons for
         disallowing pickles include security, as loading pickled data can
         execute arbitrary code. If pickles are disallowed, loading object
-        arrays will fail.
-        Default: True
+        arrays will fail. Default: False
+
+        .. versionchanged:: 1.16.3
+            Made default False in response to CVE-2019-6446.
+
     fix_imports : bool, optional
         Only useful when loading Python 2 generated pickled files on Python 3,
         which includes npy/npz files containing object arrays. If `fix_imports`
author	Paul Ivanov <pivanov5@bloomberg.net>	2019-01-30 14:22:44 -0800
committer	Charles Harris <charlesr.harris@gmail.com>	2019-04-16 22:49:18 -0600
commit	a4df7e51483c78853bb33814073498fb027aa9d4 (patch)
tree	a9cdc264030b97da13eeb533224a206d5bf65643 /numpy/lib/npyio.py
parent	cc94f360febdef0e6c4183c50555ba82e60ccff6 (diff)
download	numpy-a4df7e51483c78853bb33814073498fb027aa9d4.tar.gz