GHSA-j424-mc44-f4hj

GitHub Security Advisory

Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch

✓ GitHub Reviewed CRITICAL Withdrawn

Advisory Details

### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references.

### Original Description
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan, versions up to and including 0.0.30, allows a remote attacker to bypass pickle file security checks by supplying a standard pickle file with a PyTorch-related file extension. When a pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.
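A defensive check in the spirit of the fix, added here as an example and not code from picklescan or the advisory: each file is routed by its leading bytes rather than its extension, so a bare pickle stream carrying a .pt name is still scanned as a pickle and flagged as a mismatch, and the imports a stream would pull in are listed by disassembly without unpickling. The extension list, the constructed sample inputs and the simplified STACK_GLOBAL resolution are assumptions of this example.

```python
import collections, io, os, pickle, pickletools, zipfile
# Extensions PyTorch checkpoints usually carry (assumed list, not taken from the advisory).
TORCH_EXTENSIONS = {".pt", ".pth", ".bin", ".ckpt"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8"}  # str pushes a proto-4 pickler emits

def sniff(data: bytes) -> str:
    """Classify by leading bytes, never by file name: 'zip', 'pickle' or 'unknown'."""
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    is_pickle = len(data) >= 2 and data[0] == 0x80 and 1 <= data[1] <= 5  # PROTO opcode + version
    return "pickle" if is_pickle else "unknown"

def pickle_streams(name: str, data: bytes) -> list:
    """Bare stream: itself, whatever the extension; zip (torch.save layout): its pickle members."""
    if sniff(data) == "pickle":
        return [(name, data)]
    if sniff(data) == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            blobs = {m: zf.read(m) for m in zf.namelist()}
        return [(f"{name}:{m}", b) for m, b in blobs.items() if sniff(b) == "pickle"]
    return []

def referenced_globals(stream: bytes) -> set:
    """module.attr pairs the stream would import, read by disassembly, not by unpickling.
    Simplified: STACK_GLOBAL uses the two latest string pushes; memo gets are not followed."""
    found, recent = set(), []
    for op, arg, _ in pickletools.genops(stream):
        if op.name in STRING_OPS:
            recent.append(arg)
        elif op.name == "GLOBAL":
            found.add(arg.replace(" ", "."))
        elif op.name == "STACK_GLOBAL" and len(recent) >= 2:
            found.add(f"{recent[-2]}.{recent[-1]}")
    return found

def scan(name: str, data: bytes) -> dict:
    """Content-routed verdict: a .pt name over a bare pickle is flagged, never trusted."""
    mismatch = os.path.splitext(name)[1].lower() in TORCH_EXTENSIONS and sniff(data) == "pickle"
    streams = pickle_streams(name, data)
    return {"mismatch": mismatch, "globals": set().union(*(referenced_globals(s) for _, s in streams))}

def build_samples() -> dict:
    """Constructed inputs, not real checkpoints: bare pickles under a .pt name and a real zip layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps({"w": [1, 2]}, protocol=4))
    return {"weights.pt": pickle.dumps(collections.OrderedDict(w=1), protocol=2),
            "weights_v4.pt": pickle.dumps(collections.OrderedDict(w=1), protocol=4),
            "archive.pt": buf.getvalue()}
```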

Affected Packages

PyPI picklescan
Affected versions: 0 (fixed in 0.0.31)

Key Information

GHSA ID
GHSA-j424-mc44-f4hj
Published
September 17, 2025 12:30 PM
Last Modified
September 17, 2025 8:24 PM
CVSS Score
9.0 /10
Primary Ecosystem
PyPI
Primary Package
picklescan
GitHub Reviewed
✓ Yes
Withdrawn
September 17, 2025 8:24 PM

Dataset

Last updated: September 18, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.