diff --git a/flask_webgoat/actions.py b/flask_webgoat/actions.py
index 4bcbc4d9..8cf5bbf4 100644
--- a/flask_webgoat/actions.py
+++ b/flask_webgoat/actions.py
@@ -1,4 +1,4 @@
-import pickle
+import json
 import base64
 from pathlib import Path
 import subprocess
@@ -55,8 +55,7 @@ def grep_processes():
 @bp.route("/deserialized_descr", methods=["POST"])
 def deserialized_descr():
- pickled = request.form.get('pickled')
- data = base64.urlsafe_b64decode(pickled)
- # vulnerability: Insecure Deserialization
- deserialized = pickle.loads(data)
+ encoded = request.form.get('pickled')
+ data = base64.urlsafe_b64decode(encoded)
+ deserialized = json.loads(data.decode('utf-8'))
 return jsonify({"success": True, "description": str(deserialized)})
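Review bot: The three added lines in deserialized_descr still let malformed input escape as an unhandled exception. A missing `pickled` field makes `base64.urlsafe_b64decode(None)` raise TypeError, and bad base64, non-UTF-8 bytes or invalid JSON all raise ValueError subclasses, so the caller gets a 500 (with a traceback if the app happens to run in debug mode) rather than a 400. Wrap the two decode lines in `try:` and add `except (TypeError, ValueError):` followed by `return jsonify({"success": False}), 400`. The form field is still named `pickled` although it now carries base64-encoded JSON; a comment such as `# field name kept for client compatibility; payload is base64(JSON) and is never unpickled` would record that the old format is rejected on purpose.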