Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PickleScan Bypasses Unsafe Globals Check Using Submodule Imports
Vulnerability Description
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code.
CVSS Information
N/A
Vulnerability Type
保护机制失效
Vulnerability Title
picklescan 安全漏洞
Vulnerability Description
picklescan是Matthieu Maitre个人开发者的一个安全扫描程序。 picklescan 0.0.30及之前版本存在安全漏洞,该漏洞源于模块名称检查不充分,可能导致绕过不安全全局检查并执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A