9 matches found
CVE-2025-71357
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
EUVD-2025-210293
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
CVE-2025-71357 picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
EUVD-2025-29495
Malicious code in bioql PyPI...
GHSA-J343-8V2J-FF7W Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
Summary Using idlelib.pyshell.ModifiedInterpreter.runcommand function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
GHSA-7CQ8-MJ8X-J263 Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
Summary Using idlelib.autocomplete.AutoComplete.fetchcompletions, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
GHSA-6W4W-5W54-RJVR Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
Summary Using idlelib.autocomplete.AutoComplete.getentity, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.autocomplete.AutoComplete.getentity functio...
GHSA-3VG9-H568-4W9M Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
Summary Using idlelib.debugobj.ObjectTreeItem.SetText, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.debugobj.ObjectTreeItem.SetText function in...
PT-2026-51385
Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description An issue exists where the software fails to detect malicious pickle files that utilize the get entity function within the idlelib.autocomplete.AutoComplete module in reduce methods. This allows...