4 matches found
EUVD-2025-29482
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
picklescan is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe deserialization/execution: trace.Trace.runctx can be used to execute code from untrusted pickle files or otherwise crafted inputs in the interpreter context, allowing arbitrary code execution...
GHSA-G344-HCPH-8VGG Picklescan has a missing detection when calling built-in python trace.Trace.runctx
Summary: Using trace.Trace.runctx, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the trace.Trace.runctx function in the reduce method. Then when the victim after...
Picklescan has a missing detection when calling built-in python trace.Trace.runctx
Summary: Using trace.Trace.runctx, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the trace.Trace.runctx function in the reduce method. Then when the victim after...