4 matches found

Cvelist (added 5 days ago)

CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit the idlelib.autocomplete.AutoComplete.get_entity function in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

CVSS 8.1 | EPSS 0.00248 | Exploits 0 | References 2
Veracode (added 2025/09/24 5:45 a.m.)

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to a missing detection for the idlelib.autocomplete.AutoComplete.get_entity function when a crafted pickle file uses it to execute code, which allows an attacker to run arbitrary code...

AI score 7.5 | Exploits 0
Veracode (added 2025/09/22 9:41 a.m.)

Insecure Deserialization

picklescan is vulnerable to insecure deserialization. The vulnerability is due to a missing detection for AutoComplete.get_entity when a crafted pickle file uses it to execute code, which allows an attacker to run arbitrary code on the target system...

AI score 7.9 | Exploits 0
OSV (added 2025/08/26 6:37 p.m.)

GHSA-6W4W-5W54-RJVR Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity

Summary: idlelib.autocomplete.AutoComplete.get_entity, a function from the Python standard library, can be used to execute code from a remote pickle file. Details: The attack payload executes in the following steps: first, the attacker crafts the payload by calling the idlelib.autocomplete.AutoComplete.get_entity functio...

CVSS 8.1 | AI score 7.9 | EPSS 0.00248 | Exploits 0 | References 3
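The mechanism shared by the Cvelist entry and the GHSA entry above is a pickle whose __reduce__ callable is idlelib.autocomplete.AutoComplete.get_entity, a standard-library function that evaluates its name argument with eval(). The following is an added example, not picklescan's own code: it hand-assembles such a pickle with a harmless expression, then scans it statically with pickletools (the bytes are never unpickled), extracting every GLOBAL/STACK_GLOBAL target and applying two constructed, hypothetical policies. The denylist stands in for the enumerate-the-bad approach, which lets an unlisted callable through exactly as the advisory describes; the allowlist flags anything a model file does not legitimately need. The DENYLIST and ALLOWLIST contents are illustrative assumptions, not picklescan's real lists.

```python
"""Static scan of a pickle's GLOBAL / STACK_GLOBAL targets without unpickling.

Added example, not picklescan's code.  DENYLIST and ALLOWLIST are constructed
for illustration only.
"""
import pickle
import pickletools


def build_sample_pickle(expr: str = "1 + 1") -> bytes:
    """Constructed sample: protocol-4 pickle whose REDUCE callable is
    idlelib.autocomplete.AutoComplete.get_entity.

    get_entity(self, name) evaluates `name` with eval(), so the second tuple
    element is the expression that would run on load.  A harmless expression
    is used here and the bytes are never passed to pickle.load.
    """
    module = b"idlelib.autocomplete"
    qualname = b"AutoComplete.get_entity"
    arg = expr.encode("utf-8")
    assert max(len(module), len(qualname), len(arg)) < 256, "SHORT_BINUNICODE limit"
    return (
        pickle.PROTO + b"\x04"                                   # PROTO 4
        + pickle.SHORT_BINUNICODE + bytes([len(module)]) + module    # push module name
        + pickle.SHORT_BINUNICODE + bytes([len(qualname)]) + qualname  # push qualname
        + pickle.STACK_GLOBAL                                    # resolve to the callable
        + pickle.NONE                                            # placeholder for `self`
        + pickle.SHORT_BINUNICODE + bytes([len(arg)]) + arg      # the expression string
        + pickle.TUPLE2                                          # (None, expr)
        + pickle.REDUCE                                          # callable(*args) on load
        + pickle.STOP
    )


def benign_sample() -> bytes:
    """Constructed benign pickle: plain containers, no globals at all."""
    return pickle.dumps({"weights": [1.0, 2.0]})


STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def extract_globals(data: bytes) -> list[tuple[str, str]]:
    """Return (module, qualname) for each GLOBAL / STACK_GLOBAL opcode.

    pickletools.genops only decodes opcodes; it imports and calls nothing.
    STACK_GLOBAL takes its module and name from the two most recent string
    pushes.  Strings fetched back from the memo (BINGET etc.) are not
    resolved here, so a production scanner must also model the memo.
    """
    found: list[tuple[str, str]] = []
    strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                  # protocol <= 3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":          # protocol 4+: two strings on the stack
            if len(strings) < 2:
                raise ValueError("STACK_GLOBAL without two preceding strings")
            name = strings.pop()
            module = strings.pop()
            found.append((module, name))
    return found


# Constructed denylist of known-dangerous callables (enumerate-the-bad).
DENYLIST = {("os", "system"), ("subprocess", "Popen"),
            ("builtins", "eval"), ("builtins", "exec")}

# Constructed allowlist: only what a given model format legitimately needs.
ALLOWLIST = {("collections", "OrderedDict"), ("numpy", "dtype"),
             ("numpy.core.multiarray", "_reconstruct")}


def denylist_findings(data: bytes) -> list[tuple[str, str]]:
    """Globals that match a known-bad entry; anything unlisted is missed."""
    return [g for g in extract_globals(data) if g in DENYLIST]


def allowlist_findings(data: bytes) -> list[tuple[str, str]]:
    """Globals not explicitly permitted; unknown callables are flagged."""
    return [g for g in extract_globals(data) if g not in ALLOWLIST]


if __name__ == "__main__":
    sample = build_sample_pickle()
    print("globals:  ", extract_globals(sample))
    print("denylist: ", denylist_findings(sample))    # [] : the callable is unlisted
    print("allowlist:", allowlist_findings(sample))   # flagged
    print("benign:   ", allowlist_findings(benign_sample()))
```

The denylist result is the point of the advisory: a scanner that only knows os.system, subprocess.Popen and friends reports the sample clean, while the callable it carries still reaches eval() at load time. Treating every global outside an explicit allowlist as a finding catches it, and the scan itself stays safe because pickletools decodes opcodes without importing or invoking anything.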