Lucene search
K

5 matches found

CVE
CVE
added 6 days ago9 views

CVE-2025-71368

Summary: CVE-2025-71368 affects picklescan prior to 0.0.30, which fails to detect the doctest.debug_script function when analyzing pickle files. This allows remote attackers to craft malicious pickle payloads embedding doctest.debug_script that bypass picklescan detection and trigger arbitrary co...

8.1CVSS6.1AI score0.00769EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/26 9:40 p.m.7 views

Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start

Summary Using asyncio.unixevents.UnixSubprocessTransport.start function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

7.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/26 9:38 p.m.5 views

GHSA-9W88-8RMG-7G2P Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00338EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/08/26 9:34 p.m.10 views

Picklescan is missing detection when calling built-in python ensurepip._run_pip

Summary Using ensurepip.runpip function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip.runpip function in reduce method Then when the victim after...

8.1CVSS7.9AI score0.00367EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/26 6:39 p.m.12 views

Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity

Summary Using idlelib.calltip.getentity function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.calltip.getentity function in reduce method Then whe...

7.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder