{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47801?format=json","vulnerability_id":"VCID-rsm5-cnha-hbc2","summary":"Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references.\n\n### Original Description\nAn Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.","aliases":[{"alias":"GHSA-j424-mc44-f4hj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46352?format=json","purl":"pkg:pypi/picklescan@0.0.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/picklescan@0.0.31"}],"affected_packages":[],"references":[{"reference_url":"https://github.com/mmaitre314/picklescan/blob/58983e1c20973ac42f2df7ff15d7c8cd32f9b688/src/picklescan/scanner.py#L463","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mmaitre314/picklescan/blob/58983e1c20973ac42f2df7ff15d7c8cd32f9b688/src/picklescan/scanner.py#L463"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10155","reference_id":"CVE-2025-10155","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10155"},{"reference_url":"https://github.com/advisories/GHSA-j424-mc44-f4hj","reference_id":"GHSA-j424-mc44-f4hj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j424-mc44-f4hj"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsm5-cnha-hbc2"}