0X-Apollyon

picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized.

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file util.write file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget chain detection.

**Name of the Vulnerable Software and Affected Versions** Tornado versions prior to 6.5.5 **Description** Tornado is a Python web framework and asynchronous networking library. In versions prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` requests is the `max body size` setting, which defaults to 100MB. Because parsing of these requests occurs synchronously on the main thread, this can lead to a denial-of-service condition due to the computational cost of processing very large multipart bodies with numerous parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request, configurable through `tornado.httputil.ParseMultipartConfig`. It is also possible to disable `multipart/form-data` parsing entirely if it is not required. **Recommendations** Versions prior to 6.5.5 should be updated to version 6.5.5 or later.

**Name of the Vulnerable Software and Affected Versions** Fickling versions prior to 0.1.7 **Description** Fickling, a Python pickling decompiler and static analyzer, does not explicitly block the `ctypes` and `pydoc` modules in versions prior to 0.1.7. Combining these modules can lead to Remote Code Execution (RCE), even while the scanner reports the file as LIKELY SAFE. The issue arises because existing pickle scanning tools, such as `picklescan`, also do not block `pydoc.locate`. **Recommendations** Update to Fickling version 0.1.7 or later.

**Name of the Vulnerable Software and Affected Versions** Fickling versions prior to 0.1.7 **Description** Fickling, a Python pickling decompiler and static analyzer, is susceptible to a detection bypass due to a "builtins" blindness issue. This allows for potential circumvention of security measures. **Recommendations** Upgrade to version 0.1.7 or later to address this issue.