Lucene search
K

5 matches found

NVD
NVD
added 2026/07/04 2:16 a.m.11 views

CVE-2025-71343

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.makelabel function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load is called...

8.1CVSS0.003EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29500

Malicious code in bioql PyPI...

6.6AI score
Exploits0References3
OSV
OSV
added 2025/08/26 9:34 p.m.4 views

GHSA-P9W7-82W4-7Q8M Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label

Summary Using lib2to3.pgen2.pgen.ParserGenerator.makelabel function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

8.1CVSS7.9AI score0.003EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 1:27 a.m.19 views

RPLY Predictable Tmpfile Names Allows Cache Spoofing

The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...

2.1CVSS6.5AI score0.00351EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2014/01/28 12:55 a.m.7 views

PYSEC-2014-117

The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...

2.1CVSS5.8AI score0.00351EPSS
Exploits0References7
Rows per page
Query Builder