Lucene search
K

346 matches found

Github Security Blog
Github Security Blog
added 2025/08/22 4:56 p.m.4 views

Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...

7.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/22 4:56 p.m.3 views

GHSA-86CJ-95QR-2P4F Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary Using torch.dynamo.guards.GuardBuilder.get function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.dynamo.guards.GuardBuilder.get function in reduce...

7.9AI score
Exploits0References5
Snyk
Snyk
added 2025/08/22 4:56 p.m.3 views

Remote Code Execution (RCE)

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE via the bottleneckmain.runcprofile function. An attacker can craft a malicious pickle file that leverages this functi...

6.7CVSS8.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/22 4:56 p.m.6 views

Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile

Summary Using torch.utils.bottleneck.main.runcprofile function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runcprofile function in...

7.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/22 4:56 p.m.0 views

GHSA-4R9R-CH6F-VXMX Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile

Summary Using torch.utils.bottleneck.main.runcprofile function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.bottleneck.main.runcprofile function in...

7.9AI score
Exploits0References5
Snyk
Snyk
added 2025/08/12 12:13 a.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the STACKGLOBAL opcode parsing process. An attacker can bypass detection mechanisms by crafting a malicio...

9.6CVSS7AI score
Exploits0References2
OSV
OSV
added 2025/08/12 12:13 a.m.5 views

GHSA-9GVJ-PP9X-GCFR Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass

Details There's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACKGLOBAL. Function listglobals when handling STACKGLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only consider the range from 1 to n-1 but forgets to...

9.3CVSS7AI score0.00475EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2025/08/12 12:13 a.m.4 views

Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass

Details There's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACKGLOBAL. Function listglobals when handling STACKGLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only consider the range from 1 to n-1 but forgets to...

9.8CVSS7AI score0.00475EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.4 views

PT-2025-34324 · Pypi · Picklescan

Details There's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACK GLOBAL. Function list globals when handling STACK GLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only consider the range from 1 to n-1 but forgets to...

9.3CVSS7.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/06/29 12:0 a.m.3 views

PT-2025-38137

Name of the Vulnerable Software and Affected Versions mmaitre314 picklescan versions up to and including 0.0.30 Description An Improper Input Validation vulnerability exists in the scanning logic of picklescan. This flaw allows a remote attacker to bypass pickle files security checks by supplying...

9.3CVSS6.6AI score0.00816EPSS
Exploits1References20
RedhatCVE
RedhatCVE
added 2025/04/26 4:14 a.m.4 views

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

6.8CVSS6.9AI score0.00189EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/04/24 3:31 a.m.11 views

Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-93mv-x874-956g. This link is maintained to preserve external references. Original Description The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can...

7.5CVSS7AI score0.00189EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/04/24 3:31 a.m.2 views

GHSA-4P4H-9GVQ-7XFG Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-93mv-x874-956g. This link is maintained to preserve external references. Original Description The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can...

6.8CVSS6.2AI score0.00189EPSS
Exploits1References3
PyPA
PyPA
added 2025/04/24 1:15 a.m.9 views

PYSEC-2025-34

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

6.8CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/04/24 1:15 a.m.7 views

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

7.5CVSS0.00189EPSS
Exploits1References2
OSV
OSV
added 2025/04/24 1:15 a.m.4 views

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

7.5CVSS6.9AI score
Exploits0References2
OSV
OSV
added 2025/04/24 1:15 a.m.4 views

PYSEC-2025-34

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

7.5CVSS6.9AI score0.00189EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.4 views

picklescan 安全漏洞

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan versions prior to 0.0.25, which stems from an insecure global variable that could lead to a data leak...

7.5CVSS6.3AI score0.00189EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/04/24 12:0 a.m.5 views

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

6.8CVSS6.9AI score0.00189EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/24 12:0 a.m.13 views

CVE-2025-46417

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.getservercertificate can exfiltrate data via DNS after deserialization...

6.8CVSS0.00189EPSS
Exploits1References2
Rows per page
Query Builder