It was discovered that the Piston framework can deserializes untrusted YAML and Pickle data, leading to remote code execution. The old stable distribution does not contain a python-django-piston package.