282 matches found
picklescan 安全漏洞
picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan version 0.0.30 and earlier, which stems from an insufficient module name check that could lead to bypassing insecure global checks and executing malicious code...
picklescan 输入验证错误漏洞
picklescan is a security scanning program by the individual developer Matthieu Maitre. An input validation error vulnerability exists in picklescan version 0.0.30 and earlier, which stems from improper input validation in the scanning logic and could allow a remote attacker to bypass security...
picklescan 安全漏洞
picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan that stems from improper handling of exception conditions by the ZIP archive scanning component, which could lead to bypassing a security scan and executing malicio...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization because torch.utils.configmodule.loadconfig used in reduce can load malicious pickle files that bypass Picklescan checks and execute arbitrary code during pickle.load...
Insecure Deserialization
picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of torch.utils.collectenv.run function to execute remote pickle files, which allows an attacker to execute arbitrary code...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of untrusted pickle data in the function’s reduce flow, which allows an attacker to craft a malicious pickle that bypasses the victim’s Picklescan check and achieve arbitrary code execution when t...
Protection Mechanism Failure
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Protection Mechanism Failure via the scanbytes function. An attacker can bypass detection of malicious content by disguising a standard pickle...
Protection Mechanism Failure
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Protection Mechanism Failure when processing ZIP files. An attacker can bypass detection of malicious payloads by crafting ZIP archives with...
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from PickleScan's strict check for full module names against its list of unsafe globals. By using subclasses of dangerous imports instead o...
PT-2025-38143
Name of the Vulnerable Software and Affected Versions mmaitre314 picklescan versions up to and including 0.0.30 Description A Protection Mechanism Failure in picklescan allows a remote attacker to bypass the unsafe globals check. This occurs because the scanner uses an exact match for module name...
Improper Input Validation
picklescan are vulnerable to improper input validation. The vulnerability is due to a parsing logic error in handling the STACKGLOBAL opcode, where the function listglobals tracks arguments in the wrong range, which allows an attacker to bypass proper opcode processing...
GHSA-Q77W-MWJJ-7MQX Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
Summary Using asyncio.unixevents.UnixSubprocessTransport.start function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
Summary Using asyncio.unixevents.UnixSubprocessTransport.start function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
Picklescan is missing detection when calling built-in python cProfile.run
Summary Using cProfile.run function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.run function in reduce method Then when the victim after checkin...
GHSA-49GJ-C84Q-6QM9 Picklescan is missing detection when calling built-in python cProfile.run
Summary Using cProfile.run function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.run function in reduce method Then when the victim after checkin...
GHSA-9W88-8RMG-7G2P Picklescan is missing detection when calling built-in python cProfile.runctx
Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...
Picklescan is missing detection when calling built-in python cProfile.runctx
Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...
Picklescan is missing detection when calling built-in python doctest.debug_script
Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...
GHSA-FQQ6-7VQF-W3FG Picklescan is missing detection when calling built-in python doctest.debug_script
Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...