Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PickleScan Security Bypass Using Misleading File Extension
Vulnerability Description
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
picklescan 输入验证错误漏洞
Vulnerability Description
picklescan是Matthieu Maitre个人开发者的一个安全扫描程序。 picklescan 0.0.30及之前版本存在输入验证错误漏洞,该漏洞源于扫描逻辑中存在输入验证不当,可能导致远程攻击者通过提供带有PyTorch相关文件扩展名的标准pickle文件绕过安全检查,从而执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A