79 matches found
Deserialization Attack
Picklescan is vulnerable to Deserialization Attack. The vulnerability is due to insecure deserialization by Picklescan's failure to detect malicious pickles, which allows an attacker to exfiltrate sensitive information via DNS...
Remote Code Execution (RCE)
Picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient detection of dangerous deserialization behavior due to bypassing security checks by invoking benign built-in functions like timeit.timeit in the reduce method, which are not blacklisted and allow...
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
Summary Picklescan does not detect malicious pickles that exfiltrate sensitive information via DNS after deserialization. Details picklescan’s blacklist can be bypassed to exfiltrate sensitive information like file contents, secrets, or credentials during model deserialization by leveraging...
Incomplete List of Disallowed Inputs
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in scanner.py, which does not include ssl or other modules that can be leveraged for remote operations. An...
GHSA-93MV-X874-956G Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
Summary Picklescan does not detect malicious pickles that exfiltrate sensitive information via DNS after deserialization. Details picklescan’s blacklist can be bypassed to exfiltrate sensitive information like file contents, secrets, or credentials during model deserialization by leveraging...
Arbitrary Code Execution (ACE)
PickleScan is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to PickleScan failing to detect malicious pickle files when specific ZIP file flag bits are modified, allowing attackers to embed harmful pickle files that remain unnoticed while still being loaded by PyTorch’s...
Insufficient Verification Of Data Authenticity
PickleScan is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to a discrepancy in filename handling due to differences between ZIP header filenames and directory listing filenames, which allows an attacker to bypass detection by causing PickleScan to crash...
Zip Exploit Crashes Picklescan But Not PyTorch
Summary PickleScan is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise...
GHSA-7Q5R-7GVP-WC82 Zip Exploit Crashes Picklescan But Not PyTorch
Summary PickleScan is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise...
GHSA-W8JQ-XCQF-F792 Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
Summary PickleScan fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being successfully...
Insufficient Verification of Data Authenticity
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to improper handling of modified ZIP file flag bits. Attackers can exploit this by altering...
GHSA-2FH4-GPCH-VQV4 Duplicate Advisory: Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w8jq-xcqf-f792. This link is maintained to preserve external references. Original Description picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file...
GHSA-W6MR-MJ53-X258 Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7q5r-7gvp-wc82. This link is maintained to preserve external references. Original Description picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting t...
Insufficient Verification of Data Authenticity
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity when PickleScan attempts to extract and scan PyTorch model archives, an attacker can manipulate...
Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7q5r-7gvp-wc82. This link is maintained to preserve external references. Original Description picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting t...
CVE-2025-1945
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...
CVE-2025-1945
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...
CVE-2025-1944
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
PYSEC-2025-20
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...
CVE-2025-1945 picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...