3 matches found
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the distutils.fileutil.writefile function. An attacker can overwrite critical system files by crafting...
CVE-2025-71321
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...
PT-2026-50452
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.33 Description An arbitrary file writing issue exists because the default dangerous blocklist fails to include the distutils module. While open and shutil are blocked to prevent unauthorized file overwrites,...