GHSA-5QWP-399C-MJWF Picklescan has a missing detection when calling built-in python trace.Trace.run

Summary Using trace.Trace.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.run function in reduce method Then when the victim after checking...

GHSA-VV6J-3G6G-2PVJ Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config

Summary Using torch.utils.configmodule.loadconfig function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.configmodule.loadconfig function in reduce...

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using torch.utils.configmodule.loadconfig function. An attacker can execute arbitrary code by crafting a...

GHSA-VR7H-P6MM-WPMH Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Summary Using torch.jit.unsupportedtensorops.execWrapper function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupportedtensorops.execWrapper function...

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient detection in the reduce method involving the torch.jit.unsupportedtensorops.execWrapper function...

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Summary Using torch.jit.unsupportedtensorops.execWrapper function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupportedtensorops.execWrapper function...

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using torch.utils.data.datapipes.utils.decoder.basichandlers function. An attacker can execute arbitrary code ...

GHSA-H3QP-7FH3-F8H4 Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers

Summary Using torch.utils.data.datapipes.utils.decoder.basichandlers function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers

Summary Using torch.utils.data.datapipes.utils.decoder.basichandlers function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to the use of torch.utils.collectenv.run in the reduce method. An attacker can execute arbitrary code by crafting...

GHSA-F745-W6JP-HPXX Picklescan missing detection when calling pytorch function torch.utils.collect_env.run

Summary Using torch.utils.collectenv.run function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.collectenv.run function in reduce method Then when the...

Picklescan missing detection when calling pytorch function torch.utils.collect_env.run

Summary Using torch.utils.collectenv.run function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.collectenv.run function in reduce method Then when the...

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient detection in the evaluateguardsexpression function. An attacker can execute arbitrary code by...

GHSA-F4X7-RFWP-V3XW Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression

Summary Using torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression

Summary Using torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to using the torch.dynamo.guards.GuardBuilder.get function. An attacker can execute arbitrary code by crafting a...

GHSA-86CJ-95QR-2P4F Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...

Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE via the bottleneckmain.runcprofile function. An attacker can craft a malicious pickle file that leverages this functi...

GHSA-4R9R-CH6F-VXMX Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile

Summary Using torch.utils.bottleneck.main.runcprofile function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runcprofile function in...