2 matches found
GHSA-5RPH-Q42J-36J9 Duplicate Advisory: Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9gvj-pp9x-gcfr. This link is maintained to preserve external references. Original Description picklescan before 0.0.27 contains a parsing logic error in the listglobals function when handling STACKGLOBAL opcodes...
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
Details There's a parsing logic error in picklescan and modelscan while trying to deal with opcode STACKGLOBAL. Function listglobals when handling STACKGLOBAL at position n, it is expected to track two arguments but in wrong range. The loop only consider the range from 1 to n-1 but forgets to...