7 matches found
CVE-2025-71341
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...
CVE-2025-71341 picklescan - Remote Code Execution via Undetected profile.Profile.runctx
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...
CVE-2025-71341
CVE-2025-71341 : The affected component is picklescan (versions before 0.0.29). The root cause is that the analyzer fails to detect the profile.Profile.runctx function when inspecting pickle files, specifically in the reduce method. This enables remote attackers to craft pickle payloads that embe...
EUVD-2025-29453
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to insecure deserialization because profile.Profile.runctx can be abused to execute malicious pickle files...
Picklescan has a missing detection when calling built-in python profile.Profile.runctx
Summary Using profile.Profile.runctx, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to profile.Profile.runctx function in reduce method Then when the victim...
GHSA-6VQJ-C2Q5-J97W Picklescan has a missing detection when calling built-in python profile.Profile.runctx
Summary Using profile.Profile.runctx, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to profile.Profile.runctx function in reduce method Then when the victim...