5 matches found
CVE-2026-14535
The CVE affects Trail of Bits fickling up to version 0.1.11. The UnsafeImportsML analysis pass always calls AnalysisContext.shorten_code(node), populating shared AnalysisContext.reported_shortened_code. When MLAllowlist runs, it sees already_reported=True for every import and skips its allowlist ...
EUVD-2026-41676
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
EUVD-2026-41675
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
GHSA-5CXW-W2XG-2M8H fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`
Our assessment We added platform to the blocklist of unsafe modules https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975. It was not possible to inject extra arguments to file without first monkey-patching platform.followsymlinks with the pickle, as it always...
Remote Code Execution (RCE)
fickling is vulnerable to Remote Code Execution RCE. The vulnerability is due to the failure to explicitly block dangerous modules such as ctypes and pydoc, which allows an attacker to chain pydoc.locate with ctypes during pickle analysis to achieve RCE while the malicious pickle file is still...