Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-dp66-vtjz-b7ad
SummaryFickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by `pty` missing from the block list of unsafe module imports. This led to unsafe pickles based on `pty.spawn()` being incorrectly flagged as `LIKELY_SAFE`, and was fixed in version 0.1.6. This impacted any user or system that used Fickling to vet pickle files for security issues.
Aliases
0
alias CVE-2025-67748
1
alias GHSA-r7v6-mfhq-g3m2
2
alias PYSEC-2025-113
Fixed_packages
0
url pkg:pypi/fickling@0.1.6
purl pkg:pypi/fickling@0.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.1.6
Affected_packages
0
url pkg:pypi/fickling@0.0.1
purl pkg:pypi/fickling@0.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.0.1
1
url pkg:pypi/fickling@0.0.2
purl pkg:pypi/fickling@0.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.0.2
2
url pkg:pypi/fickling@0.0.3
purl pkg:pypi/fickling@0.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.0.3
3
url pkg:pypi/fickling@0.0.4
purl pkg:pypi/fickling@0.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.0.4
4
url pkg:pypi/fickling@0.0.5
purl pkg:pypi/fickling@0.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.0.5
5
url pkg:pypi/fickling@0.0.6
purl pkg:pypi/fickling@0.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.0.6
6
url pkg:pypi/fickling@0.0.7
purl pkg:pypi/fickling@0.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.0.7
7
url pkg:pypi/fickling@0.0.8
purl pkg:pypi/fickling@0.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.0.8
8
url pkg:pypi/fickling@0.1.2
purl pkg:pypi/fickling@0.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.1.2
9
url pkg:pypi/fickling@0.1.3
purl pkg:pypi/fickling@0.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.1.3
10
url pkg:pypi/fickling@0.1.4
purl pkg:pypi/fickling@0.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.1.4
11
url pkg:pypi/fickling@0.1.5
purl pkg:pypi/fickling@0.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp66-vtjz-b7ad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/fickling@0.1.5
References
0
reference_url https://github.com/trailofbits/fickling
reference_id
reference_type
scores
url https://github.com/trailofbits/fickling
1
reference_url https://github.com/trailofbits/fickling/pull/108
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://github.com/trailofbits/fickling/pull/108
2
reference_url https://github.com/trailofbits/fickling/pull/187
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://github.com/trailofbits/fickling/pull/187
3
reference_url https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67748
reference_id CVE-2025-67748
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-67748
5
reference_url https://github.com/advisories/GHSA-r7v6-mfhq-g3m2
reference_id GHSA-r7v6-mfhq-g3m2
reference_type
scores
url https://github.com/advisories/GHSA-r7v6-mfhq-g3m2
Weaknesses
0
cwe_id 184
name Incomplete List of Disallowed Inputs
description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
1
cwe_id 502
name Deserialization of Untrusted Data
description The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
2
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
4
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score7.8 - 7.8
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-dp66-vtjz-b7ad