2 matches found
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
Summary Picklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. Details Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command...
PT-2026-51383
Name of the Vulnerable Software and Affected Versions Picklescan versions prior to 0.0.33 Description Picklescan fails to detect the numpy.f2py.crackfortran. eval length gadget within pickle reduce methods. This allows attackers to craft malicious pickle files that execute arbitrary Python code...