7 matches found
EUVD-2025-29398
Malicious code in bioql PyPI...
Picklescan failed to detect to some unsafe global function in Numpy library
Summary An unsafe deserialization vulnerability in Python’s pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. This can be exploited by import some built-in function in Numpy library that indrectly call some dangerou...
Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-655q-fx9r-782v. This link is maintained to preserve external references. Original Description picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that use...
GHSA-VR75-HJH9-7FR6 Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-655q-fx9r-782v. This link is maintained to preserve external references. Original Description picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that use...
CVE-2025-1716
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...
CVE-2025-1716
CVE-2025-1716 affects picklescan later than 0.0.21; the root cause is unsafe deserialization via Python pickle, specifically calling pip.main() to install a malicious PyPI package, enabling RCE when unpickling. Exploitation could bypass static analysis, as demonstrated by the associated POC and m...
CVE-2025-1716 picklescan - Security scanning bypass via 'pip main'
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package hosted, for example, on pypi.org or GitHub via pip.main. Because pip is not a restricted global, the model, when scanned with picklesca...