GHSA-xgj3-g5r2-m8rfHighCVSS 8.1
picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when...
🔗 CVE IDs covered (1)
📋 Description
picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().