Description
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via pip.main(). Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.
Vulnerable configurations
Configuration 1: Version before 0.0.22 (excluding)
cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
EPSS
Percentile: 89%
0.04248
Low
9.8 Critical
CVSS3
Weaknesses
CWE-184
Related vulnerabilities
github
11 months ago
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
EPSS
Percentile: 89%
0.04248
Low
9.8 Critical
CVSS3
Weaknesses
CWE-184