PT-2026-51215 · Picklescan · Picklescan
Seaw1Nd · Published 2026-06-21 · Updated 2026-06-21
CVE-2025-71351 · CVSS v4.0 7.6 (High)
| Vector | AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the reduce method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute when pickle.load() is called.
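The weakness behind this advisory is a denylist gap: a scanner that enumerates "known bad" modules will miss any callable it has not heard of, and timeit.timeit is one such callable. The example below is added here and is not code from picklescan or from the advisory. It assumes a hand-constructed sample pickle (protocol 0, reduce call to timeit.timeit with the harmless statement "pass"), an illustrative denylist that does not contain timeit, and an illustrative allowlist for a restricted loader. It shows two things a defender cares about: a static opcode scan (pickletools.genops, no loading) that lists every global the file would import, so the timeit reference is visible even though the denylist misses it, and an allowlist-based Unpickler.find_class that refuses any global not explicitly approved, which closes the class of bypass rather than one instance of it.

```python
import collections
import io
import pickle
import pickletools

# Constructed sample (not a real artifact from the advisory): a protocol-0 pickle whose
# REDUCE call targets timeit.timeit with the harmless statement "pass". It is only
# parsed and refused below; nothing in this file executes it.
SAMPLE_PICKLE = b"ctimeit\ntimeit\n(S'pass'\ntR."

# Benign comparison inputs: plain data, and an object that legitimately needs one import.
BENIGN_PICKLE = pickle.dumps({"a": 1})
ORDERED_PICKLE = pickle.dumps(collections.OrderedDict(a=1))

# Illustrative denylist (assumption, not picklescan's real list): it knows the usual
# suspects but has never heard of timeit. That omission is the CWE-184 gap.
DENYLIST = {"os", "posix", "nt", "subprocess", "builtins"}

# Illustrative allowlist for the safe loader: only globals we have reviewed may resolve.
ALLOWLIST = {("collections", "OrderedDict")}


def scan_globals(data: bytes):
    """Statically list every (module, name) the pickle would import, without loading it.

    Handles the GLOBAL opcode (protocols 0-3) and STACK_GLOBAL (protocol 4+), where the
    module and name are the two most recently pushed string constants. A production
    scanner must also resolve memo references (BINGET etc.); this demo keeps it simple.
    """
    found = []
    recent_strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((recent_strings[-2], recent_strings[-1]))
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return found


def denylist_hits(data: bytes):
    """What a denylist-only scanner would flag. Empty for SAMPLE_PICKLE: the bypass."""
    return [g for g in scan_globals(data) if g[0] in DENYLIST]


class AllowlistUnpickler(pickle.Unpickler):
    """Resolve a global only if it is on the allowlist; everything else is refused."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWLIST:
            raise pickle.UnpicklingError(f"refusing global {module}.{name}")
        return super().find_class(module, name)


def safe_load(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_refused(data: bytes) -> bool:
    """True if the allowlist loader stops the pickle before any callable is resolved."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("globals referenced:", scan_globals(SAMPLE_PICKLE))
    print("denylist hits:", denylist_hits(SAMPLE_PICKLE))
    print("allowlist refuses sample:", is_refused(SAMPLE_PICKLE))
    print("allowlist loads OrderedDict:", safe_load(ORDERED_PICKLE))
```

The static scan is the triage step: it reports the timeit.timeit reference in the sample even though the denylist returns nothing, which is how a reviewer would notice a scanner miss. The allowlist loader is the mitigation: because find_class runs when the GLOBAL/STACK_GLOBAL opcode is executed, the refusal happens before the REDUCE opcode can call anything, so adding timeit to a denylist is unnecessary in this model.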
Fix
Incomplete List of Disallowed Inputs
Weakness Enumeration
Related identifiers
Affected products
Picklescan