3 matches found
GHSA-J424-MC44-F4HJ Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references. Original Description An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and includin...
CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the loadweightckpt function. An attacker can manipulate the deserialization process by providing malicious input to the PT File Handler component. Remediation There is no fixed version for lmdeploy...