Homepage

picklescan@0.0.29 vulnerabilities

Security scanner detecting Python Pickle files performing suspicious actions

  • latest version

    0.0.31

  • latest non vulnerable version

    0.0.31

  • first published

    3 years ago

  • latest version published

    10 days ago

  • licenses detected

  • View picklescan package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the picklescan package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Deserialization of Untrusted Data

    picklescan is a Security scanner detecting Python Pickle files performing suspicious actions

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _build_scan_result_from_raw_globals function in the scanner.py file. An attacker can execute arbitrary code by crafting payloads that import submodules of dangerous packages, thereby bypassing the intended security checks.

    How to fix Deserialization of Untrusted Data?

    Upgrade picklescan to version 0.0.31 or higher.

    [,0.0.31)
    • H
    Protection Mechanism Failure

    picklescan is a Security scanner detecting Python Pickle files performing suspicious actions

    Affected versions of this package are vulnerable to Protection Mechanism Failure via the _unsafe_globals check. An attacker can bypass detection of malicious content by crafting malicious pickle payloads that use subclasses of dangerous imports instead of the exact module names.

    How to fix Protection Mechanism Failure?

    Upgrade picklescan to version 0.0.31 or higher.

    [,0.0.31)
    • H
    Protection Mechanism Failure

    picklescan is a Security scanner detecting Python Pickle files performing suspicious actions

    Affected versions of this package are vulnerable to Protection Mechanism Failure when processing ZIP files. An attacker can bypass detection of malicious payloads by crafting ZIP archives with invalid CRC values, causing the scan to fail and return no results while still allowing other tools to load the contents.

    How to fix Protection Mechanism Failure?

    Upgrade picklescan to version 0.0.31 or higher.

    [,0.0.31)
    • H
    Protection Mechanism Failure

    picklescan is a Security scanner detecting Python Pickle files performing suspicious actions

    Affected versions of this package are vulnerable to Protection Mechanism Failure via the scan_bytes function. An attacker can bypass detection of malicious content by disguising a standard pickle file with a PyTorch-related extension, causing the scanner to fail to analyze the file as a pickle.

    How to fix Protection Mechanism Failure?

    Upgrade picklescan to version 0.0.31 or higher.

    [,0.0.31)
    Go back to all versions of this package