Lucene search

3 matches found

OSV
added 2025/12/29 8:4 p.m., 0 views

GHSA-3329-GHMP-JMV5 Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval

Summary Picklescan uses numpy.f2py.crackfortran.myeval, which is a function in numpy to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the numpy.f2py.crackfortran.myeval function in its reduce method -...

CVSS: 8.7, AI score: 7.7
Exploits: 0, References: 4
OSV
added 2025/12/29 8:3 p.m., 1 views

GHSA-X843-G5MX-G377 Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.methodcaller function in method reduce. - Then,...

CVSS: 8.7, AI score: 7.7
Exploits: 0, References: 4
Github Security Blog
added 2025/08/26 6:39 p.m., 5 views

Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity

Summary Using the idlelib.calltip.get_entity function, which is a built-in python library function, to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker crafts the payload by calling the idlelib.calltip.get_entity function in the reduce method Then whe...

AI score: 7.9
Exploits: 0, References: 3, Affected Software: 1