3 matches found
CVE-2025-71359
The CVE concerns the Python package picklescan prior to version 0.0.29, where the vulnerability lies in deserializing pickle payloads that leverage lib2to3.pgen2.grammar.Grammar.loads within the reduce method. This can enable remote code execution during pickle.load() , by crafting pickle files t...
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
Summary Using lib2to3.pgen2.grammar.Grammar.loads, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to lib2to3.pgen2.grammar.Grammar.loads function in reduce meth...
GHSA-F54Q-57X4-JG88 Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
Summary Using lib2to3.pgen2.grammar.Grammar.loads, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to lib2to3.pgen2.grammar.Grammar.loads function in reduce meth...