Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe execution/deserialization because idlelib.pyshell.ModifiedInterpreter.runcode can execute untrusted code e.g., from malicious pickle data in the interpreter context...

GHSA-J343-8V2J-FF7W Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand

Summary Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...