Количество 2
Количество 2
CVE-2025-1716
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.
GHSA-655q-fx9r-782v
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-1716 picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic. | CVSS3: 9.8 | 4% Низкий | 12 месяцев назад |
| GHSA-655q-fx9r-782v Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis | 4% Низкий | 11 месяцев назад |
Уязвимостей на страницу