3 matches found
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to trace.Trace.run executing code from untrusted pickle files, which can execute arbitrary code when a malicious pickle is loaded...
GHSA-5QWP-399C-MJWF Picklescan has a missing detection when calling built-in python trace.Trace.run
Summary Using trace.Trace.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.run function in reduce method Then when the victim after checking...
Picklescan has a missing detection when calling built-in python trace.Trace.run
Summary Using trace.Trace.run, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to trace.Trace.run function in reduce method Then when the victim after checking...