← voltar
CVE-2025-71357

picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand

CVSS 7.6 HIGHEPSS 0.2%CWE-502
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
picklescan · picklescan

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-j343-8v2j-ff7whttps://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-undetected-idlelib-pyshell-modifiedinterpreter-runcommand