97 matches found
CVE-2026-14535
A flaw was found in the fickling library, versions up to and including 0.1.11. A logic error in the security analysis passes allows an attacker to bypass intended safety checks during pickle deserialization. This vulnerability enables the invocation of arbitrary standard library modules, leading ...
CVE-2026-14534
A flaw was found in the fickling library, which is designed to safely handle Python pickle data. The library's security checks in versions up to and including 0.1.10 fail to properly identify and block certain dangerous Python standard library modules during deserialization. This oversight allows...
Protection Mechanism Failure
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Protection Mechanism Failure due to shared mutable state in the shortencode function. An attacker can execute arbitrary code by providing a malicious pickle payload...
Incomplete List of Disallowed Inputs
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the checksafety function. An attacker can execute arbitrary code by crafting pickle payloads that import unlisted standard...
CVE-2026-14534
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
CVE-2026-14535
Summary: CVE-2026-14535 affects Trail of Bits fickling up to version 0.1.11. A logic error in the UnsafeImportsML and MLAllowlist passes causes shared mutable state (AnalysisContext.reported_shortened_code) to poison deduplication, rendering MLAllowlist dead code and allowing certain pickle paylo...
CVE-2026-14534
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
CVE-2026-14534
The CVE-2026-14534 issue affects the Python package fickling, up to version 0.1.10. The root cause is that the UNSAFE_IMPORTS denylist omits three standard library modules — _posixsubprocess, site, and atexit — causing check_safety() to return LIKELY_SAFE and allowing pickle payloads to deseriali...
GHSA-5CXW-W2XG-2M8H fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`
Our assessment We added platform to the blocklist of unsafe modules https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975. It was not possible to inject extra arguments to file without first monkey-patching platform.followsymlinks with the pickle, as it always...
fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`
Our assessment We added platform to the blocklist of unsafe modules https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975. It was not possible to inject extra arguments to file without first monkey-patching platform.followsymlinks with the pickle, as it always...
fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist
Our analysis As stated in the project's security policy, we also don't consider UnusedVariables bypasses to be security issues. We added several unsafe modules mentioned by the reporter in advisory comments to the blocklist...
Incomplete List of Disallowed Inputs
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the UNSAFEIMPORTS list. An attacker can execute arbitrary system commands by crafting a malicious pickle file that imports...
Fickling missing RCE-capable modules in UNSAFE_IMPORTS
Assessment The modules uuid, osxsupport and aixsupport were added to the blocklist of unsafe imports https://github.com/trailofbits/fickling/commit/ffac3479dbb97a7a1592d85991888562d34dd05b. Original report Summary fickling's UNSAFEIMPORTS blocklist is missing at least 3 stdlib modules that provid...
GHSA-5HWF-RC88-82XM Fickling missing RCE-capable modules in UNSAFE_IMPORTS
Assessment The modules uuid, osxsupport and aixsupport were added to the blocklist of unsafe imports https://github.com/trailofbits/fickling/commit/ffac3479dbb97a7a1592d85991888562d34dd05b. Original report Summary fickling's UNSAFEIMPORTS blocklist is missing at least 3 stdlib modules that provid...
Improperly Implemented Security Check for Standard
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the alwayschecksafety function. An attacker can execute arbitrary code by supplying a malicious pickle payload...
Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked
Assessment The missing pickle entrypoints pickle.loads, pickle.loads, and pickle.load were added to the hook https://github.com/trailofbits/fickling/commit/8c24c6edabceab156cfd41f4d70b650e1cdad1f7. Original report Summary fickling.alwayschecksafety does not hook all pickle entry points...
GHSA-WCCX-J62J-R448 Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked
Assessment The missing pickle entrypoints pickle.loads, pickle.loads, and pickle.load were added to the hook https://github.com/trailofbits/fickling/commit/8c24c6edabceab156cfd41f4d70b650e1cdad1f7. Original report Summary fickling.alwayschecksafety does not hook all pickle entry points...
Incomplete List of Disallowed Inputs
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the islikelysafe, checksafety, --check-safety, alwayschecksafety and checksafety interfaces. An attacker can execute arbitra...