From df8493e4e67fedfa8059721563d8220abebd4195 Mon Sep 17 00:00:00 2001 From: nerrorsec <42860825+nerrorsec@users.noreply.github.com> Date: Thu, 24 Mar 2022 11:54:34 +0545 Subject: [PATCH 1/2] import os --- Insecure Deserialization/Python.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Insecure Deserialization/Python.md b/Insecure Deserialization/Python.md index 41887f6..98e843e 100644 --- a/Insecure Deserialization/Python.md +++ b/Insecure Deserialization/Python.md @@ -32,7 +32,7 @@ Python 2.7 documentation clearly states Pickle should never be used with untrust > The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. ```python -import cPickle +import cPickle, os from base64 import b64encode, b64decode class Evil(object): @@ -47,4 +47,4 @@ print("Your Evil Token : {}").format(evil_token) ## References * [Exploiting misuse of Python's "pickle" - Mar 20, 2011](https://blog.nelhage.com/2011/03/exploiting-pickle/) -* [Python Pickle Injection - Apr 30, 2017](http://xhyumiracle.com/python-pickle-injection/) \ No newline at end of file +* [Python Pickle Injection - Apr 30, 2017](http://xhyumiracle.com/python-pickle-injection/) From 1a5537a04494ac1767c8a75f372066a78fe72b39 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Mon, 18 Apr 2022 20:58:14 +0200 Subject: [PATCH 2/2] Add warning about cPickle --- Insecure Deserialization/Python.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Insecure Deserialization/Python.md b/Insecure Deserialization/Python.md index 98e843e..563db1c 100644 --- a/Insecure Deserialization/Python.md +++ b/Insecure Deserialization/Python.md @@ -3,6 +3,7 @@ ## Pickle The following code is a simple example of using `cPickle` in order to generate an auth_token which is a serialized User object. +:warning: `import cPickle` will only work on Python 2 ```python import cPickle
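Review bot: In the first hunk of patch 1/2 (`@@ -32,7 +32,7 @@`), `import cPickle, os` puts two modules on one import line. PEP 8 asks for one module per line, so keep `import cPickle` and add `import os` on its own line below it. The hunk's context ends at `class Evil(object):`, so the use of `os` is not visible here, and the subject "import os" does not say what failed without it. A one-line commit body stating where `os` is used in the snippet would make the fix reviewable on its own.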
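Review bot: The second hunk of patch 1/2 (`@@ -47,4 +47,4 @@`) only adds the missing newline at end of file after the last reference, which is unrelated to the "import os" subject. Mention it in the commit message or move it to its own commit. Since that line is being rewritten anyway, note that the xhyumiracle.com reference is linked over plain `http://`; switch it to `https://` if the site serves it.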
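Review bot: In patch 2/2 (`@@ -3,6 +3,7 @@`), the new `:warning:` line sits directly under the sentence "The following code is a simple example of using `cPickle`..." with no blank line between them, so Markdown will fold it into that paragraph instead of showing it as a separate notice. Add a blank line before it. The second snippet on the page (the `Evil` block touched by patch 1/2) also starts with `import cPickle`, so either word the warning to cover both snippets or repeat it there. Naming the Python 3 equivalent (`import pickle`) in the warning would tell readers what to change rather than only what breaks.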