Lucene search
K

5 matches found

Snyk
Snyk
added 4 days ago7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the makelabel function in the reduce method. An attacker can execute arbitrary commands by crafting...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago39 views

CVE-2025-71343 picklescan - Arbitrary Code Execution via lib2to3.pgen2.pgen.ParserGenerator.make_label Detection Bypass

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.makelabel function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load is called...

8.1CVSS0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.6 views

EUVD-2025-210305

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS6.5AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 2:16 p.m.16 views

CVE-2025-71351

picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit in the reduce method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute...

7.6CVSS0.00418EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 3:5 p.m.15 views

CVE-2026-53873

The CVE-2026-53873 vulnerability affects picklescan prior to 1.0.4, where an incomplete blocklist for the profile module fails to block module-level profile.run(), enabling arbitrary code execution via exec() through crafted pickle files. Attackers can craft malicious pickles calling profile.run(...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References2
Rows per page
Query Builder