Jfrog

**Name of the Vulnerable Software and Affected Versions** mmaitre314 picklescan versions up to and including 0.0.30 **Description** An Improper Input Validation vulnerability exists in the scanning logic of picklescan. This flaw allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file is incorrectly considered safe and loaded, it can lead to the execution of malicious code. The issue arises because the scanner prioritizes PyTorch file extension checks and fails to fall back to standard pickle analysis when encountering a standard pickle file with a PyTorch extension. This allows attackers to disguise malicious pickle payloads within files that would otherwise be scanned for pickle-based threats. **Recommendations** Versions prior to 0.0.30: Modify the scanning logic to ensure that standard pickle scanning is attempted as a fallback mechanism when PyTorch scanning fails or is not applicable. Specifically, always attempt to scan the file as a standard pickle, regardless of the success or failure of the PyTorch scan or the file extension.

**Name of the Vulnerable Software and Affected Versions** mmaitre314 picklescan (affected versions not specified) **Description** An Improper Handling of Exceptional Conditions vulnerability exists in the ZIP archive scanning component of mmaitre314 picklescan. This allows a remote attacker to bypass security scans by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC). When the file is incorrectly considered safe, it can lead to the execution of malicious code. The scanner halts and fails to analyze the contents for malicious pickle files when encountering a file with a bad CRC. This discrepancy between Picklescan and PyTorch's handling of CRC checks allows attackers to potentially hide malicious pickle payloads within ZIP archives that PyTorch might still be able to load. The issue occurs because Picklescan does not attempt to scan files within the archive when a bad CRC is detected, while PyTorch may bypass CRC checks in certain configurations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mmaitre314 picklescan versions up to and including 0.0.30 **Description** A protection mechanism failure in picklescan allows a remote attacker to bypass the unsafe globals check. This occurs because the scanner uses an exact match for module names, enabling malicious payloads to be loaded through submodules of dangerous packages, such as 'asyncio.unix events' instead of 'asyncio'. When a file incorrectly identified as safe is loaded, it can result in the execution of malicious code. The vulnerability could lead to arbitrary code execution on a user's system when processing malicious files packaged in ZIP archives. **Recommendations** Versions prior to 0.0.31 are affected. Replace the code at https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py#L309C9-L309C54 with the following code snippet: ``` matched key = None if imported global.module: for key in globals in unsafe globals.keys(): if imported global.module.startswith(key in globals): if (imported global.module == key in globals or (len(imported global.module) > len(key in globals) and imported global.module[len(key in globals)] == '.')): if matched key is None or len(key in globals) > len(matched key): matched key = key in globals if matched key: unsafe filter = unsafe globals[matched key] ```