5 matches found
CVE-2025-71369
CVE-2025-71369 affects the Python utility picklescan (versions prior to 0.0.28). The vulnerability arises when pickle files leverage torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, enabling bypass of safety checks and allowing remote code execution during deserialization...
EUVD-2025-210422
picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization,...
EUVD-2025-29488
Malicious code in bioql PyPI...
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
Summary Using torch.utils.data.datapipes.utils.decoder.basichandlers function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
GHSA-H3QP-7FH3-F8H4 Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
Summary Using torch.utils.data.datapipes.utils.decoder.basichandlers function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...