3 matches found
EUVD-2025-210386
picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collectenv.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
Insecure Deserialization
picklescan is vulnerable to Insecure Deserialization. The vulnerability is due to the use of torch.utils.collectenv.run function to execute remote pickle files, which allows an attacker to execute arbitrary code...
Remote Code Execution (RCE)
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Remote Code Execution RCE due to the use of torch.utils.collectenv.run in the reduce method. An attacker can execute arbitrary code by crafting...