CNNVD-202509-2800 Information
CNNVD ID
CNNVD-202509-2800
Related CVE
- CNNVD Published: 2025-09-17
Description (Chinese)
picklescan是Matthieu Maitre个人开发者的一个安全扫描程序。 picklescan 0.0.30及之前版本存在输入验证错误漏洞,该漏洞源于扫描逻辑中存在输入验证不当,可能导致远程攻击者通过提供带有PyTorch相关文件扩展名的标准pickle文件绕过安全检查,从而执行恶意代码。
Description (English)
Picklescan is a security scanning program for Matthieu Maitre personal developers. Picklescan 0.0.30 and previous versions have input validation error holes, which stem from inappropriate input validation in the scanning logic and may result in a remote attacker circumventing the malicious code by providing a standard pickle file with an extension for PyTorch-related files.
Hazard Level
Low
Vulnerability Type
输入验证错误
Affected Vendor
个人开发者
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/mmaitre314/picklescan/blob/58983e1c20973ac42f2df7ff15d7c8cd32f9b688/src/picklescan/scanner.py#L463 https://github.com/mmaitre314/picklescan/security/advisories/GHSA-jgw4-cr84-mqxg
Patch
https://github.com/mmaitre314/picklescan/releases
Share on: