5 matches found
CVE-2025-71363
picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserializatio...
GHSA-Q77W-MWJJ-7MQX Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
Summary Using asyncio.unixevents.UnixSubprocessTransport.start function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...
GHSA-M869-42CG-3XWR Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
Summary Using idlelib.run.Executive.runcode function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.run.Executive.runcode function in reduce method...
Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
Summary Using idlelib.calltip.Calltip.fetchtip, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.calltip.Calltip.fetchtip function in reduce method The...
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
Summary Using torch.jit.unsupportedtensorops.execWrapper function, which is a pytorch library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to torch.jit.unsupportedtensorops.execWrapper function...