CNNVD-202509-2799 Information
CNNVD ID
CNNVD-202509-2799
Related CVE
- CNNVD Published: 2025-09-17
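Description (translated from Chinese)
picklescan is a security scanner developed by the individual developer Matthieu Maitre. picklescan contains a security vulnerability that stems from improper handling of exceptional conditions in the ZIP archive scanning component, which may allow the security scan to be bypassed and malicious code to be executed.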
Description (English)
picklescan is a security scanner developed by the individual developer Matthieu Maitre. It contains a vulnerability that stems from improper handling of exceptional conditions in the ZIP archive scanning component, which may allow the security scan to be bypassed and malicious code to be executed.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/mmaitre314/picklescan/blob/v0.0.29/src/picklescan/relaxed_zipfile.py#L35
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-mjqp-26hc-grxg
https://huggingface.co/jinaai/jina-embeddings-v2-base-en/resolve/main/pytorch_model.bin?download=true
https://huggingface.co/jinaai/jina-embeddings-v2-base-en/tree/main
Patch
https://github.com/mmaitre314/picklescan/releases