GHSA-chm9-4rm6-p4gfHighCVSS 8.1
picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards...
🔗 CVE IDs covered (1)
📋 Description
picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded.