picklescan@1.0.3 vulnerabilities

Security scanner detecting Python Pickle files performing suspicious actions

  • latest version

    1.0.4

  • latest non vulnerable version

  • first published

    3 years ago

  • latest version published

    7 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the picklescan package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • Severity: High
    Permissive List of Allowed Inputs

    picklescan is a security scanner detecting Python Pickle files performing suspicious actions.

    Affected versions of this package are vulnerable to Permissive List of Allowed Inputs because the _unsafe_globals() function does not block the Python standard-library function pkgutil.resolve_name(). An attacker can execute arbitrary code by crafting a pickle payload that uses pkgutil.resolve_name() to look up and invoke blocked or dangerous functions, bypassing the intended blocklist protections.

    How to fix Permissive List of Allowed Inputs?

    Upgrade picklescan to version 1.0.4 or higher.

    [,1.0.4)
    • Severity: High
    Incomplete List of Disallowed Inputs

    picklescan is a security scanner detecting Python Pickle files performing suspicious actions.

    Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the _unsafe_globals() function. An attacker can execute arbitrary code by crafting a malicious pickle that invokes profile.run(), which hands its statement argument to exec(), thereby bypassing the intended blocklist.

    How to fix Incomplete List of Disallowed Inputs?

    Upgrade picklescan to version 1.0.4 or higher.

    [,1.0.4)
    • Severity: High
    Incomplete List of Disallowed Inputs

    picklescan is a security scanner detecting Python Pickle files performing suspicious actions.

    Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the _unsafe_globals() function. An attacker can execute arbitrary commands on the target system by crafting a malicious pickle file that imports Python standard-library modules and functions absent from the blocklist, which the scan therefore does not flag.

    How to fix Incomplete List of Disallowed Inputs?

    Upgrade picklescan to version 1.0.4 or higher.

    [,1.0.4)
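An opcode-level check of the kind these three advisories describe, added here as an illustration and not picklescan's own code: it walks a pickle stream with pickletools.genops without loading it, collects every GLOBAL / STACK_GLOBAL import, and flags those on a blocklist that, unlike the one in 1.0.3, includes pkgutil.resolve_name and profile.run. The blocklist and the sample pickles are constructed for the example.

```python
import pickle
import pickletools
import pkgutil
import profile

# Constructed, illustrative blocklist; a real scanner's list is far longer.
# The two indirect callers named in the advisories are what 1.0.3 did not block.
BLOCKED_GLOBALS = {
    ("builtins", "eval"), ("builtins", "exec"), ("os", "system"),
    ("pkgutil", "resolve_name"),   # resolves a dotted path to any object
    ("profile", "run"),            # hands its statement string to exec()
}

# Opcodes that push a string, i.e. a possible operand of STACK_GLOBAL.
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}

def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Every (module, name) the stream imports, found without unpickling it.
    GLOBAL carries 'module name' as its argument; STACK_GLOBAL (protocol 4+)
    takes both from the two most recent string pushes, so a two-slot shadow
    stack of string constants is kept. Names fetched back out of the memo
    (GET/BINGET) are not resolved by this simplified walker."""
    found, recent = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(recent) >= 2:
            found.append((recent[-2], recent[-1]))
        elif opcode.name in _STRING_OPS:
            recent = (recent + [arg])[-2:]
    return found

def scan(data: bytes) -> list[tuple[str, str]]:
    """Blocklisted globals referenced by the stream; an empty list means clean."""
    return [g for g in referenced_globals(data) if g in BLOCKED_GLOBALS]

# Constructed samples: a benign model-like dict, and streams that only
# *reference* the two resolvers (nothing is called, so loading them is inert).
BENIGN = pickle.dumps({"weights": [0.1, 0.2, 0.3]}, protocol=4)
REF_RESOLVE_NAME_P3 = pickle.dumps(pkgutil.resolve_name, protocol=3)  # GLOBAL
REF_RESOLVE_NAME_P4 = pickle.dumps(pkgutil.resolve_name, protocol=4)  # STACK_GLOBAL
REF_PROFILE_RUN = pickle.dumps(profile.run, protocol=4)

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("resolve_name p3", REF_RESOLVE_NAME_P3),
                        ("resolve_name p4", REF_RESOLVE_NAME_P4), ("profile.run", REF_PROFILE_RUN)]:
        print(f"{label:16} -> {scan(blob) or 'clean'}")
```

The point the advisories make is that a bare reference to one of these resolvers is already what a scanner must flag, since the actual dangerous call is resolved at load time from a string the blocklist never sees.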