
Cloud Vulnerability DB
A community-led vulnerabilities database
A Protection Mechanism Failure vulnerability (CWE-693) was discovered in picklescan versions up to and including 0.0.30, identified as GHSA-f7qq-56ww-84cr. The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check by using subclasses of dangerous imports instead of exact module names, potentially leading to arbitrary code execution. The vulnerability was published on September 8, 2025, and has been patched in version 0.0.31 (GitHub Advisory, NVD).
The vulnerability stems from PickleScan's strict check for full module names against its list of unsafe globals in the _build_scan_result_from_raw_globals function. The scanner performed an exact match for module names, which allowed bypass through submodule imports. For example, if _unsafe_globals contained 'asyncio': '*', and a pickle file contained an object from asyncio.unix_events, picklescan would not flag it as dangerous because asyncio.unix_events is not identical to asyncio. The vulnerability has a CVSS v3.1 score of 8.3 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L (GitHub Advisory).
The vulnerability affects any organization or individual using PickleScan to analyze PyTorch models or other files distributed as ZIP archives for malicious pickle content. Attackers can craft malicious PyTorch models containing embedded pickle payloads and package them into ZIP archives, bypassing the PickleScan check by using subclasses of dangerous imports. This could lead to arbitrary code execution on the user's system when these malicious files are processed or loaded (GitHub Advisory).
The vulnerability has been patched in picklescan version 0.0.31. The fix modifies the module name checking logic to properly handle submodules of dangerous packages. The patch implements a more comprehensive check that verifies if a module's root package is marked as dangerous, ensuring that submodules are also properly flagged. Users should upgrade to version 0.0.31 or later to receive the security fix (GitHub Advisory).
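The difference between the exact-match check and a parent-package check, as an added example (not picklescan's own code and not taken from the advisory). The denylist entry and the asyncio.unix_events module come from the description above; the function names, the PlaceholderName attribute and the sample bytes are constructed for illustration, and the hardened check walks every parent package rather than only the root.

```python
import pickletools

# Denylist entry from the advisory's example; "*" means every name in the module.
UNSAFE_GLOBALS = {"asyncio": "*"}

# Constructed sample: a protocol-0 GLOBAL opcode naming a placeholder attribute
# in asyncio.unix_events, then STOP. It is only parsed here, never unpickled.
SAMPLE_PICKLE = b"casyncio.unix_events\nPlaceholderName\n."


def extract_globals(data):
    """Return (module, name) pairs referenced by GLOBAL opcodes, without loading."""
    found = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
    return found


def _name_matches(allowed, name):
    return allowed == "*" or name in allowed


def is_unsafe_exact(module, name, unsafe=UNSAFE_GLOBALS):
    """Behaviour described for versions up to 0.0.30: exact module match only."""
    return module in unsafe and _name_matches(unsafe[module], name)


def is_unsafe_with_parents(module, name, unsafe=UNSAFE_GLOBALS):
    """Hardened check: also flag when any parent package is wildcard-listed."""
    if is_unsafe_exact(module, name, unsafe):
        return True
    parts = module.split(".")
    # Split on dots so "asyncioevil" is not treated as a child of "asyncio".
    parents = (".".join(parts[:i]) for i in range(1, len(parts)))
    return any(unsafe.get(p) == "*" for p in parents)


def scan(data, check):
    return [(m, n) for m, n in extract_globals(data) if check(m, n)]


if __name__ == "__main__":
    print("exact match :", scan(SAMPLE_PICKLE, is_unsafe_exact))
    print("parent-aware:", scan(SAMPLE_PICKLE, is_unsafe_with_parents))
```

The extractor covers only the GLOBAL opcode to keep the comparison short; a real scanner also has to resolve STACK_GLOBAL, which newer pickle protocols use.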
Source: This report was generated using AI