PT-2026-51384 · Picklescan · Picklescan
Fredericdt
·
Publicado
2026-06-22
·
Atualizado
2026-06-22
·
CVE-2025-71344
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails to detect the ensurepip. run pip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip. run pip calls in reduce methods bypass picklescan detection and achieve remote code execution upon pickle.load() invocation.
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Picklescan