
5 matches found

EUVD
added 12 hours ago, 4 views

EUVD-2025-210385

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

CVSS: 8.1, AI score: 6.4
Exploits: 0, References: 3
CVE
added yesterday, 4 views

CVE-2025-71349

The affected software is picklescan with versions before 0.0.29. The vulnerability arises because the tool fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing an attacker to embed malicious code. Remote attackers can craft pickle files that use trace.Trace....

CVSS: 8.1, AI score: 6.4
Exploits: 0, References: 2
Veracode
added 2025/09/23 8:19 a.m., 5 views

Remote Code Execution (RCE)

picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization due to trace.Trace.run executing code from untrusted pickle files, which can execute arbitrary code when a malicious pickle is loaded...

AI score: 8.3
Exploits: 0
OSV
added 2025/08/26 6:35 p.m., 1 view

GHSA-5QWP-399C-MJWF Picklescan has a missing detection when calling built-in python trace.Trace.run

Summary: Using trace.Trace.run, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the trace.Trace.run function in the reduce method. Then when the victim after checking...

AI score: 7.9
Exploits: 0, References: 3
Github Security Blog
added 2025/08/26 6:35 p.m., 4 views

Picklescan has a missing detection when calling built-in python trace.Trace.run

Summary: Using trace.Trace.run, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the trace.Trace.run function in the reduce method. Then when the victim after checking...

AI score: 7.9
Exploits: 0, References: 3, Affected Software: 1