GHSA-4p4h-9gvq-7xfg

Опубликовано: 24 апр. 2025

Источник: github

Github: Прошло ревью

CVSS4: 6.8

Описание

Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-93mv-x874-956g. This link is maintained to preserve external references.

Original Description

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-46417
https://github.com/mmaitre314/picklescan/pull/40
https://github.com/advisories/GHSA-93mv-x874-956g

Пакеты

Наименование

picklescan

pip

Затронутые версииВерсия исправления

Отсутствует

6.8 Medium

CVSS4

Дефекты

CWE-184

6.8 Medium

CVSS4

Дефекты

CWE-184