2 matches found
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
Summary Using torch.utils.collectenv.run function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.utils.collectenv.run function in reduce method Then when the...
Picklescan failed to detect to some unsafe global function in Numpy library
Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by import some built-in function in Numpy library that indrectly call some dangerou...