Lucene search
+L

3 matches found

OSV
OSV
added 2025/08/26 6:38 p.m.2 views

GHSA-8R4J-24QV-FMQ9 Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip

Summary Using idlelib.calltip.Calltip.fetchtip, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.calltip.Calltip.fetchtip function in reduce method The...

8.1CVSS7.9AI score0.00339EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/22 4:56 p.m.6 views

Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression

Summary Using torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/07 7:37 p.m.11 views

Picklescan missing detection when calling built-in python library function timeit.timeit()

Summary Using timeit.timeit function, which is a built-in python library function to execute remote pickle file. Details Pickle’s deserialization process is known to allow execution of function via reduce method. While Picklescan is meant to detect such exploits, this attack evades detection by...

8.4AI score
Exploits0References4Affected Software1
Rows per page
Query Builder