
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (GHSA-f7qq-56ww-84cr) affects PickleScan versions <= 0.0.30 and is patched in version 0.0.31. It allows an attacker to bypass PickleScan's unsafe-globals check, so a malicious pickle can pass the scan and later execute arbitrary code when it is deserialized. The root cause is that PickleScan compared the full module name of each imported global against its list of unsafe modules by exact match only; a reference to a submodule of a listed module (for example a dotted name under a dangerous package rather than the package itself) is therefore not recognized as dangerous (GitHub Advisory).
The bypass targets PickleScan's module-name validation. The scanner looked each imported global's module up in its unsafe-globals dictionary as an exact key, so it failed to identify dangerous submodules: an import from 'asyncio.unix_events' is not flagged even though 'asyncio' is in the dictionary, because the scanner never checks whether the module is contained in a listed package. The advisory rates the issue CVSS 8.3 (High) with Network attack vector, Low attack complexity, No privileges required, User interaction required, Unchanged scope, and High impact on confidentiality and integrity; those six metrics alone compute to 8.1 under CVSS 3.1, so the 8.3 score implies a Low availability impact as well (GitHub Advisory).
The vulnerability affects any organization or individual relying on PickleScan to vet PyTorch models, or other pickle files distributed inside ZIP archives, for malicious content. An attacker can craft a PyTorch model whose embedded pickle references a submodule of a blocked package, package it as a ZIP archive, and pass PickleScan's checks. The scan itself does not execute anything; code execution happens afterwards, when the file is deserialized on the user's system (for example with torch.load or pickle.load) and the referenced callable is resolved and invoked (GitHub Advisory).
The vulnerability is patched in PickleScan 0.0.31. The fix changes the unsafe-globals check so that submodules of a listed dangerous module are also treated as dangerous: an imported module is flagged when it equals a listed module name or starts with that name followed by a dot, which keeps the match on package boundaries rather than on a bare string prefix (GitHub Commit).
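To make the difference between the two checks concrete, here is an added example written for this page (it is not PickleScan's own code). It disassembles a pickle with the standard library's pickletools, collects every global the pickle would import from both the GLOBAL and STACK_GLOBAL opcodes, and applies an exact-match check beside a parent-package-aware check. The unsafe-globals table, the name 'SomeCallable' and the hand-built pickles are constructed for illustration only; the pickles are never loaded, only disassembled.

```python
import pickletools

# Constructed example table (not PickleScan's real list): module -> '*' for every
# name in the module, or a set of specific dangerous names.
UNSAFE_GLOBALS = {
    "os": "*",
    "subprocess": "*",
    "asyncio": "*",
    "builtins": {"eval", "exec", "compile", "getattr"},
}

# Opcodes that push a string; STACK_GLOBAL consumes the last two of these.
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "BINUNICODE8", "SHORT_BINUNICODE"}


def extract_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) pair the pickle would import, without running it.

    pickletools.genops only disassembles opcodes, so a dangerous or nonexistent
    global is reported, never resolved. GLOBAL carries "module name" in its
    argument; STACK_GLOBAL takes the two most recently pushed strings.
    """
    found: list[tuple[str, str]] = []
    recent_strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name in _STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) < 2:
                continue  # malformed stream; nothing to resolve
            name = recent_strings.pop()
            module = recent_strings.pop()
            found.append((module, name))
    return found


def is_unsafe_exact(module: str, name: str) -> bool:
    """The pre-0.0.31 behaviour the advisory describes: exact module match only."""
    entry = UNSAFE_GLOBALS.get(module)
    return entry is not None and (entry == "*" or name in entry)


def is_unsafe_prefix(module: str, name: str) -> bool:
    """The patched behaviour: the module itself or any parent package may be listed.

    Matching is on package boundaries ("os" covers "os.path" but not
    "ossaudiodev"), which is the submodule-relationship check the fix adds.
    """
    for listed, entry in UNSAFE_GLOBALS.items():
        if module == listed or module.startswith(listed + "."):
            if entry == "*" or name in entry:
                return True
    return False


def scan(data: bytes, checker) -> list[tuple[str, str]]:
    """Apply a checker to every global in the pickle and return the flagged pairs."""
    return [(m, n) for m, n in extract_globals(data) if checker(m, n)]


def global_pickle(module: str, name: str) -> bytes:
    """Protocol-2 pickle: GLOBAL module.name, EMPTY_TUPLE, REDUCE, STOP."""
    return (b"\x80\x02" + b"c" + module.encode() + b"\n" + name.encode() + b"\n"
            + b")R.")


def stack_global_pickle(module: str, name: str) -> bytes:
    """Same shape using protocol 4's STACK_GLOBAL opcode (0x93)."""
    def short_unicode(s: str) -> bytes:
        raw = s.encode()
        return b"\x8c" + bytes([len(raw)]) + raw + b"\x94"  # SHORT_BINUNICODE + MEMOIZE
    return b"\x80\x04" + short_unicode(module) + short_unicode(name) + b"\x93)R."


# Constructed inputs; 'SomeCallable' is a placeholder, not a real asyncio API.
SUBMODULE_PICKLE = global_pickle("asyncio.unix_events", "SomeCallable")
SUBMODULE_PICKLE_P4 = stack_global_pickle("asyncio.unix_events", "SomeCallable")
TOP_LEVEL_PICKLE = global_pickle("asyncio", "SomeCallable")

if __name__ == "__main__":
    for label, blob in [("submodule, protocol 2", SUBMODULE_PICKLE),
                        ("submodule, protocol 4", SUBMODULE_PICKLE_P4),
                        ("top-level module", TOP_LEVEL_PICKLE)]:
        print(f"{label}: exact={scan(blob, is_unsafe_exact)} "
              f"prefix={scan(blob, is_unsafe_prefix)}")
```

Running the script shows the submodule pickles passing the exact-match check and being flagged by the prefix-aware one, while the top-level 'asyncio' reference is caught by both. The boundary test in is_unsafe_prefix matters: a bare startswith("os") would also flag the harmless 'ossaudiodev', so the dot is part of the comparison.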
Source: This report was generated using AI