picklescan@0.0.22 vulnerabilities

picklescan is a Security scanner detecting Python Pickle files performing suspicious actions

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in scanner.py, which does not include numpy.testing._private.utils or other modules that can be leveraged for unintended command execution. An attacker can cause exec() to be invoked from inside a malicious pickle object by calling runstring in it, and then convincing a user to execute the apparently non-dangerous payload after it passes a scan.

Upgrade picklescan to version 0.0.25 or higher.

picklescan is a Security scanner detecting Python Pickle files performing suspicious actions

Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in scanner.py, which does not include ssl or other modules that can be leveraged for remote operations. An attacker can read and exfiltrate sensitive local file content by constructing a malicious domain name and triggering a DNS resolution. The DNS resolution is performed after deserializaition and may call ssl.get_server_certificate(), which bypasses protections.

Upgrade picklescan to version 0.0.25 or higher.

picklescan is a Security scanner detecting Python Pickle files performing suspicious actions

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity when PickleScan attempts to extract and scan PyTorch model archives, an attacker can manipulate the ZIP file by modifying the filename in the ZIP header while retaining the original filename in the directory listing. This causes PickleScan to raise a BadZipFile error, preventing proper scanning, while PyTorch's more lenient ZIP handling still allows the model to load, enabling malicious payloads to bypass detection.

Upgrade picklescan to version 0.0.23 or higher.