⚠ Withdrawn by GitHub Security Advisories
Withdrawn: June 18, 2026
GHSA-rmpp-8wf5-xx5qCriticalCVSS 9.8Disclosed before NVD
Duplicate Advisory: Picklescan vulnerable to Arbitrary File Writing
📋 Description
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m273-6v24-x4m4. This link is maintained to preserve external references.
Original Description
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.
🎯 Affected products1
- pip/picklescan:< 0.0.33