Fickling · Fickling · CVE-2026-22606
**Name of the Vulnerable Software and Affected Versions**
Fickling versions up to and including 0.1.6
**Description**
Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles that call Python’s `runpy.run_path()` or `runpy.run_module()` as SUSPICIOUS rather than OVERTLY MALICIOUS. Both functions execute arbitrary Python code (from a file path or from a module, respectively), so a pickle that invokes them is as dangerous as one that calls `os.system` or `exec`. When a user relies on Fickling’s verdict to decide whether a pickle is safe to deserialize, the understated rating can lead to the execution of attacker-controlled code. This issue impacts any workflow or product that uses Fickling as a security gate for pickle deserialization.
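The following is an added example, not code from the advisory or from Fickling itself, showing the kind of gate the description refers to: a pickle whose load calls `runpy.run_module` is built, scanned statically with the standard library's `pickletools` (used here in place of Fickling's own opcode interpreter), and refused before `pickle.loads` ever runs. The class name `RunModuleOnLoad`, the functions `referenced_globals`, `classify` and `safe_loads`, the `OVERTLY_MALICIOUS` and `ALLOWED_MODULES` tables and the three sample pickles are all constructed for this example; the verdict strings echo the advisory's wording rather than Fickling's enum.

```python
"""Static gate for untrusted pickles.

Added example for this advisory; it is not Fickling's code and not part of
the advisory text. Only the standard library is used: pickletools walks the
opcodes so GLOBAL / STACK_GLOBAL references are listed without deserializing.
"""
import datetime
import pickle
import pickletools
import runpy

# (module, name) pairs whose invocation from a pickle runs attacker code.
# The two runpy entries are the ones the advisory says Fickling <= 0.1.6
# rated only SUSPICIOUS; the other entries are illustrative (assumption).
OVERTLY_MALICIOUS = {
    ("runpy", "run_path"),
    ("runpy", "run_module"),
    ("builtins", "eval"),
    ("builtins", "exec"),
    ("os", "system"),
    ("subprocess", "Popen"),
}

# Modules a pickle may reference without being flagged (assumption: tune per application).
ALLOWED_MODULES = {"builtins", "collections"}


class RunModuleOnLoad:
    """Constructed sample: unpickling this object calls runpy.run_module(...)."""

    def __reduce__(self):
        # pickle.dumps only records the callable by reference; nothing runs
        # until someone calls pickle.loads on the result.
        return (runpy.run_module, ("malicious_module",))


def referenced_globals(data):
    """List (module, name) pairs the pickle imports, without executing it.

    GLOBAL (protocol <= 3) carries "module name" in its argument. STACK_GLOBAL
    (protocol >= 4) consumes the two most recently pushed strings, which this
    simplified tracker follows. Memo-based (BINGET) string reuse is not
    resolved here; a full opcode interpreter such as Fickling's handles that.
    """
    refs = []
    strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(strings) >= 2:
                name = strings.pop()
                module = strings.pop()
                refs.append((module, name))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return refs


def classify(data):
    """Three-tier verdict: any code-execution callable is OVERTLY_MALICIOUS,
    any other import outside ALLOWED_MODULES is SUSPICIOUS, else LIKELY_SAFE."""
    refs = referenced_globals(data)
    if any(ref in OVERTLY_MALICIOUS for ref in refs):
        return "OVERTLY_MALICIOUS"
    if any(module not in ALLOWED_MODULES for module, _name in refs):
        return "SUSPICIOUS"
    return "LIKELY_SAFE"


def safe_loads(data):
    """Deserialize only when the static scan finds nothing to flag."""
    verdict = classify(data)
    if verdict != "LIKELY_SAFE":
        raise ValueError(f"refusing to unpickle: verdict {verdict}")
    return pickle.loads(data)


# Constructed inputs: the runpy payload in both opcode families, a pickle that
# imports a harmless but non-allow-listed class, and a plain data blob.
MALICIOUS_PICKLE_V4 = pickle.dumps(RunModuleOnLoad(), protocol=4)
MALICIOUS_PICKLE_V2 = pickle.dumps(RunModuleOnLoad(), protocol=2)
SUSPICIOUS_PICKLE = pickle.dumps(datetime.date(2024, 1, 1), protocol=4)
BENIGN_PICKLE = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)

if __name__ == "__main__":
    for label, blob in [("runpy (protocol 4)", MALICIOUS_PICKLE_V4),
                        ("runpy (protocol 2)", MALICIOUS_PICKLE_V2),
                        ("datetime.date", SUSPICIOUS_PICKLE),
                        ("plain dict", BENIGN_PICKLE)]:
        print(f"{label}: {referenced_globals(blob)} -> {classify(blob)}")
```

The point of the three tiers is the one the advisory makes: a gate that only refuses OVERTLY MALICIOUS verdicts and lets SUSPICIOUS ones through (or hands them to a human) would load the `runpy` payload under the buggy classification, so a correct classifier has to put `runpy.run_path` and `runpy.run_module` in the same bucket as `os.system` and `exec`. Note also that the scan never touches `pickle.loads` until the verdict is in; scanning and loading in the wrong order defeats the purpose.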
**Recommendations**
Users of versions prior to 0.1.7 should update to version 0.1.7 or later, and any pipeline that treated a SUSPICIOUS verdict as acceptable should re-scan previously admitted pickles with the fixed version.