Just did some more digging. For Python 2.5, the code is in python-simplejson (the json module for Python 2.5). And I already did the fix in the code. The result now is:

Code:
Python 2.5.4 (r254:67916, May 17 2010, 21:00:32)
[GCC 4.2.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> execfile("vulnerability_test.py")
Not vulnerable

If someone wants to test with the modified code, see the attachment.