10 matches found
CVE-2025-10155
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
GHSA-HF6H-9WQ7-HMJG Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7qq-56ww-84cr. This link is maintained to preserve external references. Original Description A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a...
Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7qq-56ww-84cr. This link is maintained to preserve external references. Original Description A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a...
PYSEC-2025-153
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via...
CVE-2025-10157
CVE-2025-10157 affects mmaitre314’s Picklescan up to version 0.0.30, describing a protection-mechanism failure that bypasses the unsafe-globals check by loading malicious payloads through submodules of dangerous packages (e.g., asyncio.unix_events). Exploitation could lead to arbitrary code execu...
PYSEC-2025-151
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
CVE-2025-10155
CVE-2025-10155 affects the Python tool picklescan by mmaitre314 (versions up to 0.0.30). The root cause is an ImpropER Input Validation issue in the scanning logic, which allows a standard pickle file with a PyTorch-related file extension to be treated as safe and loaded, enabling remote code exe...
CVE-2025-10155 PickleScan Security Bypass Using Misleading File Extension
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly...
picklescan 安全漏洞
picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in picklescan version 0.0.30 and earlier, which stems from an insufficient module name check that could lead to bypassing insecure global checks and executing malicious code...