Safety vulnerability ID: 75762
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Picklescan are vulnerable to Reliance on Untrusted Inputs in a Security Decision (CWE-807). Picklescan decides which members of a PyTorch model archive to scan based on their file extension, so a pickle file stored under a non-standard extension is never inspected. An attacker can therefore embed a secondary, malicious pickle file with a non-standard extension inside a model archive: picklescan reports the archive as clean, but PyTorch's torch.load() still loads the embedded pickle, which leads to arbitrary code execution when the model is loaded.
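The extension-versus-content distinction described above, as an added example written for this page (it is not picklescan's or PyTorch's own code): it builds a constructed PyTorch-style zip archive holding a benign data.pkl and a second pickle stored as weights.dat, then runs a simplified extension-based scanner and a content-sniffing scanner over every member. The extension list, the denylist of globals, the member names and the scanner functions are assumptions for the example; the malicious pickle is hand-built opcode bytes that are only parsed with pickletools, never unpickled.

```python
import io
import os
import pickle
import pickletools
import zipfile

# Assumed for the example: which extensions an extension-based scanner
# would open, and which globals it treats as unsafe (not picklescan's lists).
PICKLE_EXTENSIONS = {".pkl", ".pickle", ".pt", ".pth", ".bin"}
UNSAFE_GLOBALS = {
    ("os", "system"), ("posix", "system"), ("nt", "system"),  # pickle.dumps(os.system) records the platform module
    ("subprocess", "Popen"), ("builtins", "eval"), ("builtins", "exec"),
}

# Hand-built protocol-0 pickle: GLOBAL os.system, MARK, UNICODE "echo pwned",
# TUPLE, REDUCE, STOP. On load it would call os.system("echo pwned"). It is
# only ever walked with pickletools here and never passed to pickle.loads.
MALICIOUS_PICKLE = b"cos\nsystem\n(Vecho pwned\ntR."


def build_archive(hidden_member: str = "model/weights.dat") -> bytes:
    """Constructed sample: a PyTorch-style zip with the usual data.pkl plus a
    second pickle stored under a non-pickle extension (assumed layout)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/version", "3\n")
        zf.writestr("model/data.pkl", pickle.dumps({"weights": [0.1, 0.2]}, protocol=2))
        zf.writestr("model/data/0", b"\x00" * 16)        # raw tensor storage, not a pickle
        zf.writestr(hidden_member, MALICIOUS_PICKLE)     # hidden only by its extension
    return buf.getvalue()


def looks_like_pickle(data: bytes) -> bool:
    """Content sniff: treat bytes as a pickle if the whole opcode stream
    parses and ends with STOP, whatever the member is called."""
    try:
        last = None
        for op, _arg, _pos in pickletools.genops(data):
            last = op.name
        return last == "STOP"
    except Exception:
        return False


def unsafe_globals(data: bytes) -> list:
    """Static opcode walk: report every GLOBAL / STACK_GLOBAL that names a
    denylisted callable. STACK_GLOBAL takes module and name from the two
    most recently pushed strings, so pushed strings are tracked."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)          # pickletools renders "module name"
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            module, name = strings[-2], strings[-1]
        else:
            if isinstance(arg, str):
                strings.append(arg)
            continue
        if (module, name) in UNSAFE_GLOBALS:
            found.append((module, name))
    return found


def scan_by_extension(archive: bytes) -> dict:
    """The flawed approach: only members whose name carries a pickle
    extension are inspected, so a pickle stored as weights.dat is skipped."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            if os.path.splitext(name)[1].lower() in PICKLE_EXTENSIONS:
                findings[name] = unsafe_globals(zf.read(name))
    return findings


def scan_by_content(archive: bytes) -> dict:
    """The robust approach: every member is sniffed regardless of its name;
    non-pickle members (version file, raw tensor data) are simply skipped."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if looks_like_pickle(data):
                findings[name] = unsafe_globals(data)
    return findings


if __name__ == "__main__":
    archive = build_archive()
    print("by extension:", scan_by_extension(archive))   # weights.dat never opened
    print("by content:  ", scan_by_content(archive))     # weights.dat flagged
```

Running the block shows the extension-based pass reporting only data.pkl (clean) while the content-based pass additionally flags weights.dat with os.system. The practical check for any archive scanner is the same: the decision to inspect a member must come from its bytes, not from a name the attacker controls.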
Latest version: 0.0.24
Security scanner detecting Python Pickle files performing suspicious actions
What's Changed
* Picklescan fails to detect unsafe globals in PyTorch models with non-standard Pickle file extensions by madgetr in https://github.com/mmaitre314/picklescan/commit/baf03faf88fece56a89534d12ce048e5ee36e50e https://github.com/mmaitre314/picklescan/security/advisories/GHSA-769v-p64c-89pr
* Picklescan fails to detect some unsafe globals by madgetr in https://github.com/mmaitre314/picklescan/commit/93764d62af72b0ec3e2dd693ab6a9774abbed953 https://github.com/mmaitre314/picklescan/security/advisories/GHSA-655q-fx9r-782v
**Full Changelog**: https://github.com/mmaitre314/picklescan/compare/v0.0.21...v0.0.22