GHSA-r48f-3986-4f9c: fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist
Two independent bugs in fickling’s AST-based static analysis combine to allow a malicious pickle file to execute arbitrary stdlib function calls - including reading sensitive files - while check_safety() returns Severity.LIKELY_SAFE and fickling.load() completes without raising UnsafeFileError.
For a server that uses fickling.load() as a security gate before deserializing untrusted pickle data (its documented use case), the gate is fully bypassed. The attacker receives the contents of any file readable by the server process as the return value of fickling.load().
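As a complementary check to a module blocklist, the added example below (not fickling's code and not part of the advisory) lists the globals a pickle would import without loading it and rejects anything outside an allowlist, so modules such as linecache, difflib and gc are refused without having to be named. The allowlist contents and the function names are assumptions made for illustration.

```python
import collections
import difflib
import gc
import linecache
import pickle
import pickletools

# Assumption: the application only expects this one global in its pickles.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_WRITES = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}

def imported_globals(data: bytes):
    """Return (module, name) pairs the stream would import; nothing is loaded."""
    found, recent = [], []
    for op, arg, _pos in pickletools.genops(data):  # raises on malformed input
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Module and name are the two strings pushed just before this opcode.
            pair = recent[-2:]
            ok = len(pair) == 2 and None not in pair
            found.append(tuple(pair) if ok else ("<unresolved>", "<unresolved>"))
        if op.name in STRING_OPS:
            recent.append(arg)
        elif op.name not in MEMO_WRITES:
            recent.append(None)  # any other opcode breaks the string pair
    return found

def disallowed_globals(data: bytes):
    """Deny by default: everything not explicitly allowed is reported."""
    return [g for g in imported_globals(data) if g not in ALLOWED_GLOBALS]

# Constructed samples: each pickles a bare reference, nothing is called.
SAMPLES = {
    "linecache": pickle.dumps(linecache.getlines, protocol=4),
    "difflib": pickle.dumps(difflib.unified_diff, protocol=2),
    "gc": pickle.dumps(gc.get_objects, protocol=4),
    "benign": pickle.dumps(collections.OrderedDict(a=1), protocol=4),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, disallowed_globals(blob) or "allowed")
```

A STACK_GLOBAL whose operands cannot be resolved from the immediately preceding string pushes is reported as unresolved and therefore rejected, rather than guessed at.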