2 matches found
CVE-2025-71345
picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...
Insecure Deserialization
picklescan is vulnerable to insecure deserialization. The vulnerability is due to the use of torch.utils.bottleneck.main.runautogradprof function to execute remote pickle files, which allows an attacker to run arbitrary code on the system...