Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/73134?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/73134?format=api", "purl": "pkg:pypi/picklescan@0.0.34", "type": "pypi", "namespace": "", "name": "picklescan", "version": "0.0.34", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.0.4", "latest_non_vulnerable_version": "1.0.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49639?format=api", "vulnerability_id": "VCID-afab-1ggb-8faa", "summary": "picklescan has Arbitrary file read using `io.FileIO`\nUnsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data (example: /etc/passwd) to an external server.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/mmaitre314/picklescan/commit/a01c58d5dd7960db557b849817c0ab83ab111ef1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/commit/a01c58d5dd7960db557b849817c0ab83ab111ef1" }, { "reference_url": "https://github.com/mmaitre314/picklescan/pull/55", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/pull/55" }, { "reference_url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.35", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.35" }, { "reference_url": "https://github.com/advisories/GHSA-9726-w42j-3qjr", "reference_id": "GHSA-9726-w42j-3qjr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9726-w42j-3qjr" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr", "reference_id": "GHSA-9726-w42j-3qjr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73280?format=api", "purl": "pkg:pypi/picklescan@0.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dz86-5sqp-m3gj" }, { "vulnerability": "VCID-ffv8-d2fk-tubb" }, { "vulnerability": "VCID-h67b-5y6y-xffd" }, { "vulnerability": "VCID-mhm6-27cp-1yhr" }, { "vulnerability": "VCID-r3gk-x182-juf5" }, { "vulnerability": "VCID-sapx-fzv8-pbcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.35" } ], "aliases": [ "GHSA-9726-w42j-3qjr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afab-1ggb-8faa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50596?format=api", "vulnerability_id": "VCID-dz86-5sqp-m3gj", "summary": "PickleScan has multiple stdlib modules with direct RCE not in blocklist\npicklescan v1.0.3 (latest) does not block at least 7 Python standard library modules that provide direct arbitrary command execution or code evaluation. A malicious pickle file importing these modules is reported as having 0 issues (CLEAN scan). This enables remote code execution that bypasses picklescan entirely.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/advisories/GHSA-g38g-8gr9-h9xp", "reference_id": "GHSA-g38g-8gr9-h9xp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g38g-8gr9-h9xp" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-g38g-8gr9-h9xp", "reference_id": "GHSA-g38g-8gr9-h9xp", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-g38g-8gr9-h9xp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74402?format=api", "purl": "pkg:pypi/picklescan@1.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@1.0.4" } ], "aliases": [ "GHSA-g38g-8gr9-h9xp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dz86-5sqp-m3gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50643?format=api", "vulnerability_id": "VCID-ffv8-d2fk-tubb", "summary": "PickleScan's pkgutil.resolve_name has a universal blocklist bypass\n`pkgutil.resolve_name()` is a Python stdlib function that resolves any `\"module:attribute\"` string to the corresponding Python object at runtime. By using `pkgutil.resolve_name` as the first REDUCE call in a pickle, an attacker can obtain a reference to ANY blocked function (e.g., `os.system`, `builtins.exec`, `subprocess.call`) without that function appearing in the pickle's opcodes. picklescan only sees `pkgutil.resolve_name` (which is not blocked) and misses the actual dangerous function entirely.\n\nThis defeats picklescan's **entire blocklist concept** — every single entry in `_unsafe_globals` can be bypassed.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/advisories/GHSA-vvpj-8cmc-gx39", "reference_id": "GHSA-vvpj-8cmc-gx39", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vvpj-8cmc-gx39" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vvpj-8cmc-gx39", "reference_id": "GHSA-vvpj-8cmc-gx39", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vvpj-8cmc-gx39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74402?format=api", "purl": "pkg:pypi/picklescan@1.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@1.0.4" } ], "aliases": [ "GHSA-vvpj-8cmc-gx39" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffv8-d2fk-tubb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49924?format=api", "vulnerability_id": "VCID-h67b-5y6y-xffd", "summary": "picklescan vulnerable to arbitrary file create using logging.FileHandler\nUnsafe pickle deserialization allows unauthenticated attackers to perform Arbitrary File Creation. By chaining the logging.FileHandler class, an attacker can bypass RCE-focused blocklists to create empty files on the server. The vulnerability allows creating zero-byte files in arbitrary locations but does not permit overwriting or modifying existing files.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/mmaitre314/picklescan/commit/4d9bc9cd34bca8672dad3481cd4556d5ba747156", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/commit/4d9bc9cd34bca8672dad3481cd4556d5ba747156" }, { "reference_url": "https://github.com/mmaitre314/picklescan/pull/60", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/pull/60" }, { "reference_url": "https://github.com/mmaitre314/picklescan/releases/tag/v1.0.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/releases/tag/v1.0.1" }, { "reference_url": "https://github.com/advisories/GHSA-m7j5-r2p5-c39r", "reference_id": "GHSA-m7j5-r2p5-c39r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m7j5-r2p5-c39r" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r", "reference_id": "GHSA-m7j5-r2p5-c39r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73778?format=api", "purl": "pkg:pypi/picklescan@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dz86-5sqp-m3gj" }, { "vulnerability": "VCID-ffv8-d2fk-tubb" }, { "vulnerability": "VCID-mhm6-27cp-1yhr" }, { "vulnerability": "VCID-sapx-fzv8-pbcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@1.0.1" } ], "aliases": [ "GHSA-m7j5-r2p5-c39r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h67b-5y6y-xffd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50201?format=api", "vulnerability_id": "VCID-mhm6-27cp-1yhr", "summary": "Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER\nThis is a scanning bypass to `scan_pytorch` function in `picklescan`. As we can see in the implementation of [get_magic_number()](https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/torch.py#L76C5-L84) that uses `pickletools.genops(data)` to get the `magic_number` with the condition `opcode.name` includes `INT` or `LONG`, but the PyTorch's implemtation simply uses [pickle_module.load()](https://github.com/pytorch/pytorch/blob/134179474539648ba7dee1317959529fbd0e7f89/torch/serialization.py#L1797) to get this `magic_number`. For this implementation difference, we then can embed the `magic_code` into the `PyTorch` file via dynamic `eval` on the `\\_\\_reduce\\_\\_` trick, which can make the `pickletools.genops(data)` cannot get the `magic_code` in `INT` or `LONG` type, but the `pickle_module.load()` can still return the same `magic_code`, eading to a bypass.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/mmaitre314/picklescan/commit/b9997634683a4f4bd0c7e3701e7ce7e90fe70e8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/commit/b9997634683a4f4bd0c7e3701e7ce7e90fe70e8c" }, { "reference_url": "https://github.com/advisories/GHSA-97f8-7cmv-76j2", "reference_id": "GHSA-97f8-7cmv-76j2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97f8-7cmv-76j2" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-97f8-7cmv-76j2", "reference_id": "GHSA-97f8-7cmv-76j2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-97f8-7cmv-76j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74108?format=api", "purl": "pkg:pypi/picklescan@1.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dz86-5sqp-m3gj" }, { "vulnerability": "VCID-ffv8-d2fk-tubb" }, { "vulnerability": "VCID-sapx-fzv8-pbcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@1.0.3" } ], "aliases": [ "GHSA-97f8-7cmv-76j2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhm6-27cp-1yhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49943?format=api", "vulnerability_id": "VCID-r3gk-x182-juf5", "summary": "picklescan missing detection by simple obfuscation of a `builtins.eval` call\nAn unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the host loading a pickle payload from an untrusted source.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/mmaitre314/picklescan/commit/173c8f2a869ea9b69b543477525ec70611c3c6f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/commit/173c8f2a869ea9b69b543477525ec70611c3c6f4" }, { "reference_url": "https://github.com/mmaitre314/picklescan/pull/59", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/pull/59" }, { "reference_url": "https://github.com/mmaitre314/picklescan/releases/tag/v1.0.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/releases/tag/v1.0.1" }, { "reference_url": "https://github.com/advisories/GHSA-9m3x-qqw2-h32h", "reference_id": "GHSA-9m3x-qqw2-h32h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9m3x-qqw2-h32h" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9m3x-qqw2-h32h", "reference_id": "GHSA-9m3x-qqw2-h32h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9m3x-qqw2-h32h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73778?format=api", "purl": "pkg:pypi/picklescan@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dz86-5sqp-m3gj" }, { "vulnerability": "VCID-ffv8-d2fk-tubb" }, { "vulnerability": "VCID-mhm6-27cp-1yhr" }, { "vulnerability": "VCID-sapx-fzv8-pbcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@1.0.1" } ], "aliases": [ "GHSA-9m3x-qqw2-h32h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3gk-x182-juf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50546?format=api", "vulnerability_id": "VCID-sapx-fzv8-pbcw", "summary": "PickleScan's profile.run blocklist mismatch allows exec() bypass\npicklescan v1.0.3 blocks `profile.Profile.run` and `profile.Profile.runctx` but does NOT block the module-level `profile.run()` function. A malicious pickle calling `profile.run(statement)` achieves arbitrary code execution via `exec()` while picklescan reports 0 issues. This is because the blocklist entry `\"Profile.run\"` does not match the pickle global name `\"run\"`.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/advisories/GHSA-7wx9-6375-f5wh", "reference_id": "GHSA-7wx9-6375-f5wh", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wx9-6375-f5wh" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7wx9-6375-f5wh", "reference_id": "GHSA-7wx9-6375-f5wh", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7wx9-6375-f5wh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74402?format=api", "purl": "pkg:pypi/picklescan@1.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@1.0.4" } ], "aliases": [ "GHSA-7wx9-6375-f5wh" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sapx-fzv8-pbcw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49540?format=api", "vulnerability_id": "VCID-mp69-7jdd-8yhe", "summary": "Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter\nPicklescan uses _operator.attrgetter, which is a built-in python library function to execute remote pickle files.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/mmaitre314/picklescan/commit/f2dea43e0c838e09ace1e62994143254b51de927", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/commit/f2dea43e0c838e09ace1e62994143254b51de927" }, { "reference_url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.34" }, { "reference_url": "https://github.com/advisories/GHSA-46h3-79wf-xr6c", "reference_id": "GHSA-46h3-79wf-xr6c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46h3-79wf-xr6c" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-46h3-79wf-xr6c", "reference_id": "GHSA-46h3-79wf-xr6c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-46h3-79wf-xr6c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73134?format=api", "purl": "pkg:pypi/picklescan@0.0.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-afab-1ggb-8faa" }, { "vulnerability": "VCID-dz86-5sqp-m3gj" }, { "vulnerability": "VCID-ffv8-d2fk-tubb" }, { "vulnerability": "VCID-h67b-5y6y-xffd" }, { "vulnerability": "VCID-mhm6-27cp-1yhr" }, { "vulnerability": "VCID-r3gk-x182-juf5" }, { "vulnerability": "VCID-sapx-fzv8-pbcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.34" } ], "aliases": [ "GHSA-46h3-79wf-xr6c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mp69-7jdd-8yhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49534?format=api", "vulnerability_id": "VCID-sht8-2uh8-eydw", "summary": "Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller\nPicklescan uses _operator.methodcaller, which is a built-in python library function to execute remote pickle files.", "references": [ { "reference_url": "https://github.com/mmaitre314/picklescan", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan" }, { "reference_url": "https://github.com/mmaitre314/picklescan/commit/f2dea43e0c838e09ace1e62994143254b51de927", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/commit/f2dea43e0c838e09ace1e62994143254b51de927" }, { "reference_url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.34", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.34" }, { "reference_url": "https://github.com/advisories/GHSA-955r-x9j8-7rhh", "reference_id": "GHSA-955r-x9j8-7rhh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-955r-x9j8-7rhh" }, { "reference_url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-955r-x9j8-7rhh", "reference_id": "GHSA-955r-x9j8-7rhh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-955r-x9j8-7rhh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73134?format=api", "purl": "pkg:pypi/picklescan@0.0.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-afab-1ggb-8faa" }, { "vulnerability": "VCID-dz86-5sqp-m3gj" }, { "vulnerability": "VCID-ffv8-d2fk-tubb" }, { "vulnerability": "VCID-h67b-5y6y-xffd" }, { "vulnerability": "VCID-mhm6-27cp-1yhr" }, { "vulnerability": "VCID-r3gk-x182-juf5" }, { "vulnerability": "VCID-sapx-fzv8-pbcw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.34" } ], "aliases": [ "GHSA-955r-x9j8-7rhh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sht8-2uh8-eydw" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.34" }