23 matches found
CVE-2025-71376
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...
EUVD-2025-210307
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupportedtensorops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVE-2025-71357
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...
CVE-2025-71320
picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when...
CVE-2025-71322
PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...
EUVD-2025-210271
picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigg...
CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function
PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...
CVE-2025-71322
CVE-2025-71322 affects PickleScan prior to 0.0.33, where the unsafe-globals check omits pty.spawn. Attackers can craft pickle payloads using pty.spawn to bypass checks and achieve arbitrary code execution during file processing. The connected records confirm the root cause (missing pty.spawn in u...
EUVD-2025-210268
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...
GHSA-7WX9-6375-F5WH PickleScan's profile.run blocklist mismatch allows exec() bypass
Summary picklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist ent...
EUVD-2026-1561
picklescan has Arbitrary file read using io.FileIO...
GHSA-HGRH-QX5J-JFWX Picklescan Bypasses Unsafe Globals Check using pty.spawn
Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from the absence of the pty library more specifically, of the pty.spawn function from PickleScan's list of unsafe globals. This vulnerabili...
Picklescan missing detection when calling pty.spawn
Summary Using pty.spawn, which is a built-in python library function to execute arbitrary commands on the host system. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to pty.spawn function in the reduce method. Then the victim attempts ...
CVE-2025-10157 PickleScan Bypasses Unsafe Globals Check Using Submodule Imports
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...
CVE-2025-10157 PickleScan Bypasses Unsafe Globals Check Using Submodule Imports
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...
PYSEC-2025-152
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check CRC, which causes the...
CVE-2025-10156 PickleScan Security Bypass via Bad CRC in ZIP Archive
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check CRC, which causes the...
CVE-2025-10156 PickleScan Security Bypass via Bad CRC in ZIP Archive
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check CRC, which causes the...
CVE-2025-10156
CVE-2025-10156 concerns the ZIP archive scanning component of mmaitre314 picklescan. The issue is an improper handling of exceptional conditions: crafting a ZIP with a file having a bad CRC can cause the scanner to halt analysis of contents, leading to a file marked as safe being loaded and the e...
CVE-2025-10155
CVE-2025-10155 affects the Python tool picklescan by mmaitre314 (versions up to 0.0.30). The root cause is an ImpropER Input Validation issue in the scanning logic, which allows a standard pickle file with a PyTorch-related file extension to be treated as safe and loaded, enabling remote code exe...