picklescan@0.0.9 vulnerabilities

Security scanner detecting Python Pickle files performing suspicious actions

  • latest version

    0.0.32

  • latest non vulnerable version

  • first published

    3 years ago

  • latest version published

    1 month ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the picklescan package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability (severity: C = Critical, H = High, M = Medium)    Vulnerable Version
    • H
    Deserialization of Untrusted Data

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the _build_scan_result_from_raw_globals function in the scanner.py file. An attacker can execute arbitrary code by crafting payloads that import submodules of dangerous packages, thereby bypassing the intended security checks.

    How to fix Deserialization of Untrusted Data?

    Upgrade picklescan to version 0.0.31 or higher.

    [,0.0.31)
    • H
    Protection Mechanism Failure

    Affected versions of this package are vulnerable to Protection Mechanism Failure via the _unsafe_globals check. An attacker can bypass detection of malicious content by crafting malicious pickle payloads that use subclasses of dangerous imports instead of the exact module names.

    How to fix Protection Mechanism Failure?

    Upgrade picklescan to version 0.0.31 or higher.

    [,0.0.31)
    • H
    Protection Mechanism Failure

    Affected versions of this package are vulnerable to Protection Mechanism Failure when processing ZIP files. An attacker can bypass detection of malicious payloads by crafting ZIP archives with invalid CRC values, causing the scan to fail and return no results while still allowing other tools to load the contents.

    How to fix Protection Mechanism Failure?

    Upgrade picklescan to version 0.0.31 or higher.

    [,0.0.31)
    • H
    Protection Mechanism Failure

    Affected versions of this package are vulnerable to Protection Mechanism Failure via the scan_bytes function. An attacker can bypass detection of malicious content by disguising a standard pickle file with a PyTorch-related extension, causing the scanner to fail to analyze the file as a pickle.

    How to fix Protection Mechanism Failure?

    Upgrade picklescan to version 0.0.31 or higher.

    [,0.0.31)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) because the torch.utils.data.datapipes.utils.decoder.basichandlers function is not flagged as dangerous. An attacker can execute arbitrary code by crafting a malicious pickle file that calls this function: it passes the scan and is subsequently loaded.

    How to fix Remote Code Execution (RCE)?

    Upgrade picklescan to version 0.0.28 or higher.

    [,0.0.28)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) because the torch.utils._config_module.load_config function is not flagged as dangerous. An attacker can execute arbitrary code by crafting a malicious pickle file that calls this function; it passes the security checks and may then be loaded with pickle by a user.

    How to fix Remote Code Execution (RCE)?

    Upgrade picklescan to version 0.0.28 or higher.

    [,0.0.28)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) because the torch._dynamo.guards.GuardBuilder.get function is not flagged as dangerous. An attacker can execute arbitrary code by crafting a malicious pickle file that calls this function, remains undetected during security checks, and is then loaded with pickle by a user.

    How to fix Remote Code Execution (RCE)?

    Upgrade picklescan to version 0.0.28 or higher.

    [,0.0.28)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient detection of pickles whose __reduce__ payload calls the torch.jit.unsupported_tensor_ops.execWrapper function. An attacker can execute arbitrary code by crafting a malicious pickle file that bypasses the security checks and is subsequently loaded.

    How to fix Remote Code Execution (RCE)?

    Upgrade picklescan to version 0.0.28 or higher.

    [,0.0.28)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient detection of pickles whose __reduce__ payload calls torch.utils.collect_env.run. An attacker can execute arbitrary code by crafting a malicious pickle file that uses this function to bypass detection and trigger code execution upon loading.

    How to fix Remote Code Execution (RCE)?

    Upgrade picklescan to version 0.0.28 or higher.

    [,0.0.28)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) via the bottleneck_main.run_cprofile function. An attacker can craft a malicious pickle file that leverages this function to bypass detection and trigger code execution upon deserialization by a user.

    How to fix Remote Code Execution (RCE)?

    Upgrade picklescan to version 0.0.28 or higher.

    [,0.0.28)
    • M
    Remote Code Execution (RCE)

    Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient detection in the evaluate_guards_expression function. An attacker can execute arbitrary code by crafting a malicious pickle file that leverages this function during deserialization, which will not be detected as malicious and may therefore be trusted by a user to load unsafely with pickle.

    How to fix Remote Code Execution (RCE)?

    Upgrade picklescan to version 0.0.28 or higher.

    [,0.0.28)
    • M
    Deserialization of Untrusted Data

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the STACK_GLOBAL opcode parsing process. An attacker can bypass detection mechanisms by crafting a malicious pickle file that exploits a logic flaw in argument tracking, causing the parser to mishandle arguments and trigger unexpected exceptions.

    How to fix Deserialization of Untrusted Data?

    Upgrade picklescan to version 0.0.27 or higher.

    [,0.0.27)
    • M
    Incomplete List of Disallowed Inputs

    Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in scanner.py, which does not include timeit or other modules that can be leveraged for unintended command execution. An attacker can cause exec() to be invoked from inside a malicious pickle object by calling timeit.timeit(), and then convincing a user to execute the apparently non-dangerous payload after it passes a scan.

    How to fix Incomplete List of Disallowed Inputs?

    Upgrade picklescan to version 0.0.25 or higher.

    [,0.0.25)
    • M
    Deserialization of Untrusted Data

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data in scanner.py, which does not include numpy.testing._private.utils or other modules that can be leveraged for unintended command execution. An attacker can cause exec() to be invoked from inside a malicious pickle object by calling runstring from it, and then convincing a user to execute the apparently non-dangerous payload after it passes a scan.

    How to fix Deserialization of Untrusted Data?

    Upgrade picklescan to version 0.0.25 or higher.

    [,0.0.25)
    • H
    Incomplete List of Disallowed Inputs

    Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in scanner.py, which does not include ssl or other modules that can be leveraged for remote operations. An attacker can read and exfiltrate sensitive local file content by having the pickle call ssl.get_server_certificate() with a crafted domain name: the DNS resolution is performed after deserialization, which bypasses protections.

    How to fix Incomplete List of Disallowed Inputs?

    Upgrade picklescan to version 0.0.25 or higher.

    [,0.0.25)
    • M
    Insufficient Verification of Data Authenticity

    Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity when PickleScan extracts and scans PyTorch model archives. An attacker can modify the filename in a ZIP member's local header while keeping the original filename in the central directory listing. This causes PickleScan to raise a BadZipFile error and skip the scan, while PyTorch's more lenient ZIP handling still loads the model, so malicious payloads bypass detection.

    How to fix Insufficient Verification of Data Authenticity?

    Upgrade picklescan to version 0.0.23 or higher.

    [,0.0.23)
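The invalid-CRC entry above (fix in 0.0.31) and the local-header filename entry (fix in 0.0.23) are the same failure mode seen twice: the scanner's ZIP parser is stricter than the loader's, and an exception on the scanner side is reported as "no findings" rather than "could not scan". The following is an added example, not picklescan's code, that builds a small archive, corrupts it in both of the ways the entries describe, and contrasts a fail-open scan wrapper with a fail-closed one. The inner content check (counting GLOBAL/STACK_GLOBAL opcodes), the member name data.pkl and the sample pickle are constructed for the example; PyTorch's lenient loading is not reproduced here, only the scanner side.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Constructed sample: a harmless pickle containing one STACK_GLOBAL
# (collections.OrderedDict), stored in a ZIP to stand in for a checkpoint.
SAMPLE_PICKLE = pickle.dumps(OrderedDict(weight=1))


def build_archive(name: str = "data.pkl", payload: bytes = SAMPLE_PICKLE) -> bytes:
    """Build an in-memory ZIP with one stored (uncompressed) member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def corrupt_central_crc(archive: bytes) -> bytes:
    """Flip the CRC-32 stored in the central directory entry (offset 16 in the
    header whose signature is PK 01 02). zipfile takes the expected CRC from the
    central directory and verifies it while reading, so read() raises BadZipFile."""
    off = archive.index(b"PK\x01\x02") + 16
    flipped = bytes(b ^ 0xFF for b in archive[off:off + 4])
    return archive[:off] + flipped + archive[off + 4:]


def rename_in_local_header(archive: bytes, old: bytes, new: bytes) -> bytes:
    """Rewrite the member name in the local file header only (offset 30 in the
    header whose signature is PK 03 04), leaving the central directory as is.
    zipfile compares the two names on open() and raises BadZipFile if they differ."""
    if len(old) != len(new):
        raise ValueError("replacement name must keep the header length unchanged")
    off = archive.index(b"PK\x03\x04") + 30
    if archive[off:off + len(old)] != old:
        raise ValueError("local header does not carry the expected name")
    return archive[:off] + new + archive[off + len(old):]


def count_globals(data: bytes) -> int:
    """Minimal content check: number of GLOBAL/STACK_GLOBAL opcodes in a pickle."""
    return sum(1 for op, _, _ in pickletools.genops(data)
               if op.name in ("GLOBAL", "STACK_GLOBAL"))


def _scan_members(archive: bytes) -> list:
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for member in zf.namelist():
            hits = count_globals(zf.read(member))  # name and CRC checks happen here
            if hits:
                findings.append((member, hits))
    return findings


def scan_archive_fail_open(archive: bytes) -> list:
    """Vulnerable pattern: an unreadable archive yields an empty finding list,
    which callers cannot tell apart from 'scanned and clean'."""
    try:
        return _scan_members(archive)
    except Exception:
        return []


def scan_archive_fail_closed(archive: bytes) -> dict:
    """Hardened pattern: a scan that could not complete is reported as such, so
    policy can block the file instead of treating silence as approval."""
    try:
        findings = _scan_members(archive)
    except (zipfile.BadZipFile, ValueError, OSError) as exc:
        return {"status": "error", "reason": f"{type(exc).__name__}: {exc}", "findings": []}
    return {"status": "scanned", "reason": "", "findings": findings}
```

Both tampered archives come back from scan_archive_fail_open as an empty list, exactly what a clean file returns; scan_archive_fail_closed returns status "error" with the zipfile message, so the caller has to make a decision. The practical rule is that a scanner verdict has three states, not two: findings, no findings, and unable to scan, and only the second one should be allowed through.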
    • M
    Insufficient Verification of Data Authenticity

    Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to improper handling of modified ZIP file flag bits. Attackers can exploit this by altering specific bits in the ZIP file headers within PyTorch model archives, embedding malicious pickle files that remain undetected by PickleScan while still being successfully loaded by PyTorch's torch.load().

    How to fix Insufficient Verification of Data Authenticity?

    Upgrade picklescan to version 0.0.23 or higher.

    [,0.0.23)
    • M
    Reliance on File Name or Extension of Externally-Supplied File

    Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File due to insufficient scanning of non-standard pickle file extensions.

    How to fix Reliance on File Name or Extension of Externally-Supplied File?

    Upgrade picklescan to version 0.0.22 or higher.

    [,0.0.22)
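The extension entry above (fix in 0.0.22) and the scan_bytes entry (fix in 0.0.31, a plain pickle given a PyTorch-style extension) are two sides of one design flaw: letting the attacker-chosen file name decide which parser runs. The following is an added example, not picklescan's code, contrasting extension-based routing with classification by content. The extension sets, the file names and the sample data are constructed for the example.

```python
import io
import os
import pickle
import pickletools
import zipfile

# Constructed extension map of the kind an extension-driven scanner keeps.
# The sets are assumptions for this example, not picklescan's own tables.
PICKLE_EXTS = {".pkl", ".pickle"}
ARCHIVE_EXTS = {".pt", ".pth", ".bin", ".ckpt"}

# Constructed samples: a plain pickle, and a ZIP holding that pickle as a member.
SAMPLE_PICKLE = pickle.dumps({"weight": [1, 2, 3]})
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("archive/data.pkl", SAMPLE_PICKLE)
SAMPLE_ARCHIVE = _buf.getvalue()


def route_by_extension(name: str) -> str:
    """Vulnerable pattern: the attacker-chosen file name selects the parser."""
    ext = os.path.splitext(name)[1].lower()
    if ext in PICKLE_EXTS:
        return "pickle"
    if ext in ARCHIVE_EXTS:
        return "zip"
    return "skip"


def sniff(data: bytes) -> str:
    """Hardened pattern: classify by what the bytes actually parse as."""
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06") and zipfile.is_zipfile(io.BytesIO(data)):
        return "zip"
    try:
        # genops raises ValueError on an unknown opcode or a stream that ends
        # before STOP; it covers protocols 0 to 5, not all of which have a header.
        ops = list(pickletools.genops(data))
    except (ValueError, IndexError):
        return "unknown"
    return "pickle" if ops and ops[-1][0].name == "STOP" else "unknown"


def inventory(name: str, data: bytes, trust_extension: bool) -> list:
    """Return the (path, kind) pairs that would actually reach the opcode scanner."""
    kind = route_by_extension(name) if trust_extension else sniff(data)
    if kind in ("skip", "unknown"):
        return []
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return [(f"{name}/{m}", sniff(zf.read(m))) for m in zf.namelist()]
        except zipfile.BadZipFile:
            return []  # the extension lied: nothing gets examined
    return [(name, kind)]
```

With trust_extension=True a bare pickle named model.pt goes to the ZIP parser, which fails, and a pickle named weights.dat is skipped outright; in both cases nothing is scanned. With sniffing, both reach the pickle scanner, and a real archive is walked member by member with each member classified the same way.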
    • M
    Incomplete List of Disallowed Inputs

    Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs: pip is not listed under _unsafe_globals in scanner.py. An attacker can execute arbitrary code with a malicious model whose pickle payload calls pip.main(); the file passes the scan and runs when the model is loaded, since loading relies on pickle for deserialization.

    How to fix Incomplete List of Disallowed Inputs?

    Upgrade picklescan to version 0.0.21 or higher.

    [,0.0.21)
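The pip entry above, the timeit, numpy runstring and ssl entries, and the torch helper entries fixed in 0.0.28 all have the same shape: a callable that was not on the denylist, reached through __reduce__, runs on load. The scanner-side fix each time is another list entry; the loader-side fix is to stop resolving anything not explicitly allowed. The following is an added example, not picklescan's or the pickle module's own code (though it follows the find_class restriction pattern documented for the pickle module), showing an allowlist unpickler against a constructed payload that routes through timeit.timeit, one of the functions the entries above name. The allowlist contents, the class names and the payload are assumptions for the example; the payload runs the statement "pass" once, so loading it on purpose here is harmless.

```python
import io
import pickle
import timeit
from collections import OrderedDict

# Allowlist of the only (module, name) pairs this loader will resolve. It is a
# constructed example for a checkpoint that needs nothing beyond OrderedDict;
# a real application lists exactly the types its own files contain.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist loader. Every GLOBAL / STACK_GLOBAL in the stream ends up in
    find_class, so any callable not listed, whether or not someone thought to
    put it on a denylist, is refused before REDUCE can call it."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is not on the allowlist")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


class LooksHarmless:
    """Constructed payload: on load, REDUCE calls timeit.timeit, which runs its
    statement through exec(). The statement is 'pass' and runs once, so the
    deliberate plain load below is harmless; a denylist without timeit would
    have reported this file clean."""

    def __reduce__(self):
        return (timeit.timeit, ("pass", "pass", timeit.default_timer, 1))


PAYLOAD = pickle.dumps(LooksHarmless())
BENIGN = pickle.dumps(OrderedDict(weight=[0.1, 0.2]))


def verdict(data: bytes) -> str:
    """'loaded' if the allowlist accepted every global, otherwise 'refused'."""
    try:
        restricted_loads(data)
        return "loaded"
    except pickle.UnpicklingError:
        return "refused"


def demo_plain_load_runs_timeit() -> bool:
    """Show that an unrestricted load executes the payload: timeit.timeit
    returns the elapsed time as a float, so a float result means it ran."""
    return isinstance(pickle.loads(PAYLOAD), float)
```

The allowlist loader raises on the very first STACK_GLOBAL it cannot account for, before any arguments are built or any REDUCE runs. A denylist scanner is still useful as a triage tool for files you cannot load this way, but as the entries on this page show, it is only as complete as its last update.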
    • C
    Deserialization of Untrusted Data

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper verification of the arguments that STACK_GLOBAL takes from the memo. A crafted pickle can place different strings in the memo than the scanner accounts for, so the STACK_GLOBAL resolves a module and name that bypass the allow-list check. Exploiting this vulnerability could lead to remote code execution.

    How to fix Deserialization of Untrusted Data?

    Upgrade picklescan to version 0.0.13 or higher.

    [,0.0.13)
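The memo entry above, the STACK_GLOBAL argument-tracking entry fixed in 0.0.27, and the submodule and exact-module-name entries fixed in 0.0.31 are all about the same step in a static scanner: recovering the (module, name) pair each GLOBAL or STACK_GLOBAL will resolve, and then matching it correctly. The following is an added example, not picklescan's code, of an opcode walker that models the pickle stack and memo so that STACK_GLOBAL arguments fetched via BINGET are seen for what they are, next to the naive "last two strings" approach it replaces, and of package-prefix matching next to exact matching. The denylist contents and the two hand-assembled payloads are constructed for the example; they illustrate the class of bypass the entries describe, not any specific one. Both payloads merely evaluate to a function object if loaded, and neither is loaded here.

```python
import pickle
import pickletools
from collections import OrderedDict
from typing import List, Tuple

# Constructed denylist of top-level packages whose import from a pickle is
# suspicious. Real scanners carry far more entries; the point is how matching
# is done, not which names are listed.
DENIED_PACKAGES = {"os", "subprocess", "builtins"}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
_MARK = object()   # stands in for the MARK object on the modelled stack
_OPAQUE = None     # placeholder for any stack value we do not care about

# 1) Protocol-4 stream referencing a submodule of a denied package.
SUBMODULE_PAYLOAD = (b"\x80\x04" + b"\x8c\x07" + b"os.path" + b"\x8c\x07" + b"abspath"
                     + b"\x93" + b".")
# 2) STACK_GLOBAL's real arguments come from the memo (BINGET 0, BINGET 1);
#    the two most recent string pushes are decoys that were popped again.
MEMO_PAYLOAD = (b"\x80\x04"
                + b"\x8c\x02" + b"os" + b"\x94"                 # push "os", MEMOIZE -> memo[0]
                + b"\x8c\x06" + b"system" + b"\x94"             # push "system", MEMOIZE -> memo[1]
                + b"00"                                         # POP, POP
                + b"\x8c\x0b" + b"collections" + b"\x8c\x0b" + b"OrderedDict"
                + b"00"                                         # POP, POP the decoys
                + b"h\x00" + b"h\x01"                           # BINGET 0, BINGET 1
                + b"\x93" + b".")                               # STACK_GLOBAL, STOP
# 3) An ordinary pickle, to show the walker copes with a real stream.
BENIGN_PAYLOAD = pickle.dumps(OrderedDict(weight=1))


def _pop_to_mark(stack: list) -> None:
    for i in range(len(stack) - 1, -1, -1):
        if stack[i] is _MARK:
            del stack[i:]
            return
    raise ValueError("opcode needs a MARK but none is on the stack")


def extract_globals(data: bytes) -> List[Tuple[str, str]]:
    """Return every (module, name) that GLOBAL or STACK_GLOBAL would resolve.

    STACK_GLOBAL takes its arguments from the pickle stack, and those strings
    may arrive via the memo rather than from the opcodes immediately before it,
    so the walker models the stack and the memo. Every other opcode is applied
    generically from the stack effect that pickletools declares for it."""
    stack, memo, found = [], {}, []
    for op, arg, pos in pickletools.genops(data):
        name = op.name
        if name == "STOP":
            break
        if name == "MARK":
            stack.append(_MARK)
        elif name in STRING_OPS:
            stack.append(arg)
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = stack[-1]
        elif name == "MEMOIZE":
            memo[len(memo)] = stack[-1]
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            stack.append(memo[arg])
        elif name == "DUP":
            stack.append(stack[-1])
        elif name == "GLOBAL":
            module, qualname = arg.split(" ", 1)   # pickletools renders it as "module name"
            found.append((module, qualname))
            stack.append(_OPAQUE)
        elif name == "STACK_GLOBAL":
            qualname, module = stack.pop(), stack.pop()
            if not (isinstance(module, str) and isinstance(qualname, str)):
                raise ValueError(f"STACK_GLOBAL at offset {pos} with non-string arguments")
            found.append((module, qualname))
            stack.append(_OPAQUE)
        else:
            before = op.stack_before
            if pickletools.markobject in before:
                _pop_to_mark(stack)
                before = before[:before.index(pickletools.markobject)]
            if len(before) > len(stack):
                raise ValueError(f"stack underflow at offset {pos} ({name})")
            del stack[len(stack) - len(before):]
            stack.extend([_OPAQUE] * len(op.stack_after))
    return found


def naive_extract_globals(data: bytes) -> List[Tuple[str, str]]:
    """The flawed approach: pair each STACK_GLOBAL with the last two string
    opcodes seen, ignoring the stack and the memo."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
    return found


def exact_match(found, denied=DENIED_PACKAGES):
    """Vulnerable: flags only when the module string equals a denied name."""
    return [(m, n) for m, n in found if m in denied]


def package_match(found, denied=DENIED_PACKAGES):
    """Hardened: match on the top-level package, so os.path counts as os."""
    return [(m, n) for m, n in found if m.split(".", 1)[0] in denied]
```

On MEMO_PAYLOAD the naive walker reports collections.OrderedDict, while the stack-aware walker reports os.system, which is what the real unpickler would resolve. On SUBMODULE_PAYLOAD both walkers see os.path.abspath, but only package_match flags it against a list that names os. A scanner that raises on non-string STACK_GLOBAL arguments or on stack underflow, rather than skipping the opcode, also closes the "unexpected exception" path the 0.0.27 entry describes, provided the caller treats that exception as an unscannable file.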