⚠ Withdrawn by GitHub Security Advisories

Withdrawn: June 18, 2026

GHSA-rmpp-8wf5-xx5qCriticalCVSS 9.8Disclosed before NVD

Duplicate Advisory: Picklescan vulnerable to Arbitrary File Writing

Published
June 17, 2026
Last Modified
June 18, 2026

📋 Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-m273-6v24-x4m4. This link is maintained to preserve external references.

Original Description

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.

🎯 Affected products1

  • pip/picklescan:< 0.0.33

🔗 References (4)