Description
picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized.
Problem types
Incomplete List of Disallowed Inputs
Product status
Any version before 0.0.33
0.0.33 (semver)
Credits
0x-Apollyon
References
github.com/...lescan/security/advisories/GHSA-84r2-jw7c-4r5q
github.com/...lescan/security/advisories/GHSA-84r2-jw7c-4r5q (GHSA Advisory GHSA-84r2-jw7c-4r5q)
www.vulncheck.com/...cution-via-incomplete-disallowed-inputs (VulnCheck Advisory: picklescan - Remote Code Execution via Incomplete Disallowed Inputs)