2 matches found
Insufficient Verification of Data Authenticity
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity when PickleScan attempts to extract and scan PyTorch model archives, an attacker can manipulate...
PYSEC-2025-20
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...