Vulnerability	Vulnerable Version
M Reliance on File Name or Extension of Externally-Supplied File picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File due to insufficient scanning of non-standard pickle file extensions. How to fix Reliance on File Name or Extension of Externally-Supplied File? Upgrade `picklescan` to version 0.0.22 or higher.	[,0.0.22)
M Incomplete List of Disallowed Inputs picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs which does not include `pip` under `_unsafe_globals` in `scanner.py`. An attacker can execute arbitrary code by loading a malicious model using `pip.main()`, which relies on `pickle` for deserialization. How to fix Incomplete List of Disallowed Inputs? Upgrade `picklescan` to version 0.0.21 or higher.	[,0.0.21)
C Deserialization of Untrusted Data picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper argument verification when handling a memo, making it possible to have a different memo and use `STACK_GLOBAL` to bypass allow-list checking. Exploiting this vulnerability could lead to remote code execution. How to fix Deserialization of Untrusted Data? Upgrade `picklescan` to version 0.0.13 or higher.	[,0.0.13)

Go back to all versions of this package