CVE-2025-46417

Medium CVSS: 6.8

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.

Vendor

Mmaitre314

Product

Picklescan

CWE

CWE-184

Yayın Tarihi

2025-04-24 01:15:49

Güncelleme

2025-10-01 19:39:33

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-184 Picklescan MEDIUM Mmaitre314 2025

Referanslar

https://github.com/advisories/GHSA-93mv-x874-956g https://github.com/mmaitre314/picklescan/pull/40 https://github.com/advisories/GHSA-93mv-x874-956g

Benzer Kayıtlar

Critical

CVE-2025-10157

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remot…

Critical

CVE-2025-10156

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 pickles…

Critical

CVE-2025-10155

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0…

Medium

CVE-2025-1945

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag…

Medium

CVE-2025-1944

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to e…

Medium

CVE-2025-1889

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An atta…