Lucene search
+L

97 matches found

CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the runpy module as unsafe, which could lead to the execution of attacker-controlled code...

9.3CVSS6.8AI score0.00425EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.8 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in versions prior to Fickling 0.1.7 that stems from the static analyzer failing to flag high-risk modules, which could lead to bypassing security checks and executing arbitrary...

9.3CVSS6.8AI score0.00554EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/01/09 10:29 p.m.15 views

Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling's assessment Fickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report Summary Fickling works by Pickle bytecode -- AST -- Security analysis...

9.3CVSS7.5AI score0.00264EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/01/09 10:29 p.m.6 views

GHSA-H4RM-MM56-XF63 Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling's assessment Fickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report Summary Fickling works by Pickle bytecode -- AST -- Security analysis...

9.3CVSS6.1AI score0.00264EPSS
Exploits0References7
Snyk
Snyk
added 2026/01/09 9:12 p.m.2 views

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unsafeimports function. An attacker can execute arbitrary code by supplying a malicious pickle that imports dangerous...

9.3CVSS8AI score0.00554EPSS
Exploits1References3
Snyk
Snyk
added 2026/01/09 9:5 p.m.2 views

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker can execute arbitrary code by supplying a malicious pickle payload that uses the pydoc and ctypes modules to bypass...

9.3CVSS7.7AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/01/09 9:5 p.m.6 views

GHSA-5HVC-6WX8-MVV4 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling's assessment pydoc and ctypes were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1. Original report Summary Both ctypes and pydoc modules arent explictly blocked. Even other existing pickle scanning tools like...

9.3CVSS5.9AI score0.00346EPSS
Exploits0References8
Snyk
Snyk
added 2026/01/09 9:4 p.m.3 views

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the cProfile.run process. An attacker can execute arbitrary code by supplying a malicious pickle file that bypasses checks and...

9.3CVSS7.7AI score0.0044EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/01/09 9:4 p.m.12 views

Fickling Blocklist Bypass: cProfile.run()

Fickling's assessment cProfile was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43. Original report Description Summary Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because ...

9.3CVSS8.2AI score0.0044EPSS
Exploits1References11Affected Software1
OSV
OSV
added 2026/01/09 9:4 p.m.3 views

GHSA-P523-JQ9W-64X9 Fickling Blocklist Bypass: cProfile.run()

Fickling's assessment cProfile was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43. Original report Description Summary Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because ...

9.3CVSS6.4AI score0.0044EPSS
Exploits1References11
Snyk
Snyk
added 2026/01/09 8:52 p.m.4 views

Deserialization of Untrusted Data

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runpy module. An attacker can execute arbitrary code by supplying a malicious pickle file that uses runpy.runpath or...

9.3CVSS7.8AI score0.00425EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/01/09 8:52 p.m.13 views

Fickling has a bypass via runpy.run_path() and runpy.run_module()

Fickling's assessment runpy was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66. Original report Summary Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicio...

9.3CVSS8.3AI score0.00425EPSS
Exploits1References11Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.11 views

PT-2026-2229

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe imports method within Fickling’s static analyzer does not identify several high-risk Python modules...

9.3CVSS7.7AI score0.00554EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.10 views

PT-2026-2232

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling, a Python pickling decompiler and static analyzer, is susceptible to a detection bypass due to a "builtins" blindness issue. This allows for potential circumvention of security measures...

9.3CVSS6.5AI score0.00264EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.6 views

PT-2026-2227

Name of the Vulnerable Software and Affected Versions Fickling versions up to and including 0.1.6 Description Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing the cProfile.run function as SUSPICIOUS instead of OVERTLY MALICIOUS. This...

9.3CVSS7.1AI score0.0044EPSS
Exploits1References23
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.30 views

PT-2026-2228

Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling, a Python pickling decompiler and static analyzer, does not explicitly block the ctypes and pydoc modules in versions prior to 0.1.7. Combining these modules can lead to Remote Code Executi...

9.3CVSS7AI score0.00346EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.10 views

PT-2026-2226

Name of the Vulnerable Software and Affected Versions Fickling versions up to and including 0.1.6 Description Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing Python’s runpy.run path or runpy.run module as SUSPICIOUS instead of OVERTLY MALICIOUS...

9.3CVSS6.8AI score0.00425EPSS
Exploits1References19
RedhatCVE
RedhatCVE
added 2025/12/17 12:55 a.m.8 views

CVE-2025-67747

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...

8.5CVSS7.6AI score0.00246EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/17 12:55 a.m.7 views

CVE-2025-67748

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELYSAFE, and was fixed in version 0.1.6. This impact...

8.5CVSS6.8AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2025/12/16 1:15 a.m.11 views

CVE-2025-67747

Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...

8.5CVSS0.00246EPSS
Exploits1References4
Rows per page
Query Builder