Picklescan is missing detection when calling built-in python doctest.debug_script

Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...

GHSA-V7X6-RV5Q-MHWC Picklescan missing detection when calling built-in python library function timeit.timeit()

Summary Using timeit.timeit function, which is a built-in python library function to execute remote pickle file. Details Pickle’s deserialization process is known to allow execution of function via reduce method. While Picklescan is meant to detect such exploits, this attack evades detection by...