3 matches found
EUVD-2025-210415
picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...
EUVD-2025-29474
Malicious code in bioql PyPI...
GHSA-F4X7-RFWP-V3XW Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
Summary Using torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...