GHSA-3vg9-h568-4w9m: 
Python vulnerability analysis and mitigation

A moderate severity vulnerability (GHSA-3vg9-h568-4w9m) was discovered in the picklescan library affecting versions below 0.0.29. The vulnerability involves a missing detection capability when calling the built-in Python idlelib.debugobj.ObjectTreeItem function, which could allow malicious pickle files to bypass security checks. The issue was disclosed and patched on August 26, 2025, with version 0.0.29 addressing the vulnerability (GitHub Advisory).

The vulnerability stems from picklescan's inability to detect potentially dangerous calls to idlelib.debugobj.ObjectTreeItem.SetText function. Attackers can craft a payload using the reduce method to call this built-in Python library function, which remains undetected by picklescan's security checks. The vulnerability allows arbitrary code execution when the pickle file is loaded, even after being scanned by the security tool (GitHub Advisory).

The vulnerability affects organizations and individuals relying on picklescan to detect malicious pickle files within PyTorch models. Attackers can exploit this vulnerability to embed malicious code in pickle files that remain undetected but execute when loaded. This creates potential for supply chain attacks, allowing attackers to distribute infected pickle files across machine learning models, APIs, and saved Python objects (GitHub Advisory).

The vulnerability has been patched in picklescan version 0.0.29. Users are advised to upgrade to this version or later to address the security issue. The fix includes adding detection for potentially dangerous calls to idlelib.debugobj.ObjectTreeItem.SetText and other similar built-in Python functions (Picklescan Commit).