GHSA-chm9-4rm6-p4gfHighCVSS 8.1

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards...

Published
July 4, 2026
Last Modified
July 4, 2026

🔗 CVE IDs covered (1)

📋 Description

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded.

🔗 References (4)