79 matches found

CVE
added 2025/03/10 11:43 a.m. · 63 views

CVE-2025-1945

The CVE-2025-1945 issue affects PickleScan before 0.0.23, which fails to detect malicious pickle payloads embedded inside PyTorch model archives when specific ZIP header flag bits are modified. By flipping ZIP flag bits (e.g., 0x1, 0x20, 0x40) in the archive, an attacker can place a malicious pic...

CVSS 9.8 · AI score 7.8 · EPSS 0.00871
Exploits 1 · References 3 · Affected Software 1
CVE
added 2025/03/10 11:30 a.m. · 63 views

CVE-2025-1944

Summary (concrete details): CVE-2025-1944 affects picklescan

CVSS 6.5 · AI score 7 · EPSS 0.00144
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2025/03/10 11:30 a.m. · 9 views

CVE-2025-1944 picklescan ZIP archive manipulation attack leads to crash

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan...

CVSS 5.3 · EPSS 0.00144
Exploits 1 · References 3
CNNVD
added 2025/03/10 12:00 a.m. · 1 view

picklescan data forgery issue vulnerability

picklescan is a security scanning program by the individual developer Matthieu Maitre. A data forgery issue vulnerability exists in picklescan versions prior to 0.0.23, which stems from a ZIP file manipulation that may cause a crash, thereby bypassing malicious payload detection...

CVSS 6.5 · AI score 8.7 · EPSS 0.00144
Exploits 1 · References 5
Veracode
added 2025/03/07 5:27 a.m. · 7 views

Remote Code Execution

Picklescan is vulnerable to Remote Code Execution. The vulnerability is due to improper restriction of dangerous globals, allowing an attacker to craft a malicious model that executes pip.main to install and execute malicious packages...

CVSS 9.8 · AI score 7.6 · EPSS 0.16248
Exploits 4 · References 8 · Affected Software 1
Github Security Blog
added 2025/03/03 9:30 p.m. · 16 views

Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-769v-p64c-89pr. This link is maintained to preserve external references. Original Description: picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An...

CVSS 9.8 · AI score 7 · EPSS 0.00057
Exploits 2 · References 4 · Affected Software 1
Snyk
added 2025/03/03 7:42 p.m. · 2 views

Reliance on File Name or Extension of Externally-Supplied File

Overview: picklescan is a security scanner detecting Python Pickle files performing suspicious actions. Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File due to insufficient scanning of non-standard pickle file extensions. Remediation...

CVSS 9.8 · AI score 6.8 · EPSS 0.00057
Exploits 2 · References 2
NVD
added 2025/03/03 7:15 p.m. · 11 views

CVE-2025-1889

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...

CVSS 9.8 · EPSS 0.00057
Exploits 2 · References 2
OSV
added 2025/03/03 7:15 p.m. · 12 views

CVE-2025-1889

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...

CVSS 9.8 · AI score 7.1 · EPSS 0.16248
Exploits 4 · References 2
Cvelist
added 2025/03/03 6:38 p.m. · 11 views

CVE-2025-1889 picklescan - Security scanning bypass via non-standard file extensions

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...

CVSS 5.3 · EPSS 0.00057
Exploits 2 · References 2
OSV
added 2025/03/03 6:31 p.m. · 4 views

GHSA-VR75-HJH9-7FR6 Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-655q-fx9r-782v. This link is maintained to preserve external references. Original Description: picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that use...

CVSS 5.3 · AI score 9.4 · EPSS 0.16248
Exploits 2 · References 4
Github Security Blog
added 2025/03/03 6:31 p.m. · 15 views

Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-655q-fx9r-782v. This link is maintained to preserve external references. Original Description: picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that use...

CVSS 9.8 · AI score 7 · EPSS 0.16248
Exploits 2 · References 5 · Affected Software 1
RedhatCVE
added 2025/02/28 3:18 p.m. · 10 views

CVE-2025-1716

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

CVSS 9.8 · AI score 6.8 · EPSS 0.16248
Exploits 2 · References 1
OSV
added 2025/02/26 3:15 p.m. · 10 views

PYSEC-2025-18

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

CVSS 9.8 · AI score 7.1 · EPSS 0.16248
Exploits 4 · References 3
OSV
added 2025/02/26 3:15 p.m. · 16 views

CVE-2025-1716

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

CVSS 9.8 · AI score 6.8 · EPSS 0.16248
Exploits 4 · References 3
PyPA
added 2025/02/26 3:15 p.m. · 7 views

PYSEC-2025-18

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

CVSS 5.3 · AI score 6.9 · EPSS 0.16248
Exploits 2 · References 3 · Affected Software 1
NVD
added 2025/02/26 3:15 p.m. · 9 views

CVE-2025-1716

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...

CVSS 9.8 · EPSS 0.16248
Exploits 2 · References 3
CVE
added 2025/02/26 2:51 p.m. · 82 views

CVE-2025-1716

CVE-2025-1716 affects picklescan later than 0.0.21; the root cause is unsafe deserialization via Python pickle, specifically calling pip.main() to install a malicious PyPI package, enabling RCE when unpickling. Exploitation could bypass static analysis, as demonstrated by the associated POC and m...

CVSS 9.8 · AI score 6.5 · EPSS 0.16248
Exploits 2 · References 3 · Affected Software 1
CNNVD
added 2025/02/26 12:00 a.m. · 2 views

picklescan security vulnerability

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in versions of picklescan prior to 0.0.21, which stems from not treating pip as an insecure global variable, which could lead to a malicious model introducing a malicious PyPI...

CVSS 9.8 · AI score 8.7 · EPSS 0.16248
Exploits 2 · References 5