logo

Database

Lack of data validation In picklescan

Description

Duplicate Advisory: Remote Code Execution via Malicious Pickle File Bypassing Static Analysis

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-655q-fx9r-782v. This link is maintained to preserve external references.

Original Description

picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via pip.main(). Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. NVD-2025-17162. GHSA-655q-fx9r-782v3. GCVE-GHSA-vr75-hjh9-7fr6

References

1. https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v2. https://github.com/mmaitre314/picklescan/commit/78ce704227c51f070c0c5fb4b466d92c62a7aa3d

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.