base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
References
https://nvd.nist.gov/vuln/detail/CVE-2014-3539
https://bugzilla.redhat.com/show_bug.cg…