Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

Summary Picklescan does not detect malicious pickles that exfiltrate sensitive information via DNS after deserialization. Details picklescan’s blacklist can be bypassed to exfiltrate sensitive information like file contents, secrets, or credentials during model deserialization by leveraging...