From 12fe3224f5086161462faf614cad91f3fad32e78 Mon Sep 17 00:00:00 2001
From: Maxim Piskunov
Date: Sun, 14 Nov 2021 17:04:20 +0300
Subject: [PATCH] Fixed #33287 -- Made GeoJSON serializer use json.loads() instead of eval().

Thanks David Wyde for the report.

---
 django/contrib/gis/serializers/geojson.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/django/contrib/gis/serializers/geojson.py b/django/contrib/gis/serializers/geojson.py
index 3cd015479c..0e4f744774 100644
--- a/django/contrib/gis/serializers/geojson.py
+++ b/django/contrib/gis/serializers/geojson.py
@@ -1,3 +1,5 @@
+import json
+
 from django.contrib.gis.gdal import CoordTransform, SpatialReference
 from django.core.serializers.base import SerializerDoesNotExist
 from django.core.serializers.json import Serializer as JSONSerializer
@@ -50,7 +52,7 @@ class Serializer(JSONSerializer):
                     srs = SpatialReference(self.srid)
                     self._cts[self._geometry.srid] = CoordTransform(self._geometry.srs, srs)
                 self._geometry.transform(self._cts[self._geometry.srid])
-            data["geometry"] = eval(self._geometry.geojson)
+            data["geometry"] = json.loads(self._geometry.geojson)
         else:
             data["geometry"] = None
         return data
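Review bot: The added `data["geometry"] = json.loads(self._geometry.geojson)` line carries no comment saying why the GDAL output is parsed as data rather than evaluated, which is the whole point of the fix and the thing a future maintainer must not undo; add `# GDAL emits GeoJSON text: parse it as JSON, never eval() it (#33287).` above it. Note that `json.loads()` raises `ValueError` (`json.JSONDecodeError`) on malformed text where `eval()` raised `SyntaxError`, so any caller that catches the latter around serialization would stop matching; I cannot see such a caller from this hunk, so this is worth confirming rather than assuming. The diffstat shows only the serializer changed, with no regression test or release note; a test that serializes a geometry (including one whose srid differs from the serializer's srid, to cover the transform path) and asserts `geometry` comes back as a dict would guard this line. The enclosing method starts before this hunk and is not visible here.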