CNNVD-202509-2795 Information
CNNVD ID
CNNVD-202509-2795
Related CVE
-
CNNVD Published: 2025-09-17
Description
picklescan is a security scanner developed by individual developer Matthieu Maitre. picklescan 0.0.30 and earlier contain a vulnerability caused by insufficient module name checking, which may allow the unsafe globals check to be bypassed and malicious code to be executed.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py#L309
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-f7qq-56ww-84cr
https://huggingface.co/iluem/linux_pkl/resolve/main/asyncio_asyncio_unix_events___UnixSubprocessTransport__start.pkl
Patch
https://github.com/mmaitre314/picklescan/releases