3 matches found
Incomplete List of Disallowed Inputs
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the checksafety function. An attacker can execute arbitrary code by crafting pickle payloads that import unlisted standard...
CVE-2026-53873 picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass
picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...
PT-2026-50467
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.4 Description An incomplete blocklist for the profile module fails to block the module-level profile.run function. This allows attackers to achieve arbitrary code execution via exec by crafting malicious pickle...