6 matches found
CVE-2026-14535
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
CVE-2026-14535
Summary: CVE-2026-14535 affects Trail of Bits fickling up to version 0.1.11. A logic error in the UnsafeImportsML and MLAllowlist passes causes shared mutable state (AnalysisContext.reported_shortened_code) to poison deduplication, rendering MLAllowlist dead code and allowing certain pickle paylo...
EUVD-2026-41676
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
EUVD-2026-41675
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
GHSA-5CXW-W2XG-2M8H fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`
Our assessment We added platform to the blocklist of unsafe modules https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975. It was not possible to inject extra arguments to file without first monkey-patching platform.followsymlinks with the pickle, as it always...
Remote Code Execution (RCE)
fickling is vulnerable to Remote Code Execution RCE. The vulnerability is due to the failure to explicitly block dangerous modules such as ctypes and pydoc, which allows an attacker to chain pydoc.locate with ctypes during pickle analysis to achieve RCE while the malicious pickle file is still...