PT-2026-55680 · Picklescan · Picklescan

Coolwindhf

·

Publicado

2026-07-04

·

Atualizado

2026-07-04

·

CVE-2025-71373

CVSS v3.1

8.1

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on picklescan for validation.

Correção

Protection Mechanism Failure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2025-71373

Produtos afetados

Picklescan