2 matches found
CVE-2025-71359
The CVE concerns the Python package picklescan prior to version 0.0.29, where the vulnerability lies in deserializing pickle payloads that leverage lib2to3.pgen2.grammar.Grammar.loads within the reduce method. This can enable remote code execution during pickle.load() , by crafting pickle files t...
CVE-2025-71376
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...