GHSA-wccx-j62j-r448: Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked
fickling.always_check_safety() does not hook all pickle entry points: pickle.loads, _pickle.loads and _pickle.load remain unprotected, so a malicious pickle passed to any of them still executes even though global safety mode is enabled.
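The audit and hook below are an added illustration, not fickling's code or part of the advisory: `unhooked_entry_points()` reports which of the four entry points are still bound to the original C function (the gap described above), and `hook_all()` shows a wrapper that covers all of them, `_pickle` included. It assumes CPython's `_pickle` accelerator, and its name-resolving-opcode guard is a deliberately simple stand-in for fickling's own analysis.

```python
import importlib, io, pickle, pickletools, types

# The four entry points the advisory names. In CPython, pickle.load/loads are the same C
# objects re-exported from _pickle, so wrapping only pickle's attributes leaves the rest exposed.
ENTRY_POINTS = ("pickle.load", "pickle.loads", "_pickle.load", "_pickle.loads")
# Opcodes that resolve a global name; without them a pickle cannot reach any callable.
NAME_RESOLVING_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "EXT1", "EXT2", "EXT4"}

class UnsafePickle(Exception):
    pass

def _resolve(entry):  # "pickle.loads" -> (module object, "loads")
    mod, _, attr = entry.rpartition(".")
    return importlib.import_module(mod), attr

def unhooked_entry_points():
    """Audit: entry points still bound to a C builtin, i.e. not wrapped by any hook."""
    return [e for e in ENTRY_POINTS
            if isinstance(getattr(*_resolve(e)), types.BuiltinFunctionType)]

def reject_name_resolving(data):
    """Guard (example policy, not fickling's): refuse pickles that resolve a global name."""
    for op, _, _ in pickletools.genops(data):
        if op.name in NAME_RESOLVING_OPS:
            raise UnsafePickle(f"pickle uses {op.name}")

def hook_all(guard=reject_name_resolving):
    """Mitigation: wrap all four entry points so `guard` runs first; returns restore()."""
    originals = [(entry, getattr(*_resolve(entry))) for entry in ENTRY_POINTS]
    for entry, orig in originals:
        def wrapper(src, *args, _orig=orig, **kwargs):
            is_bytes = isinstance(src, (bytes, bytearray))
            data = bytes(src) if is_bytes else src.read()
            guard(data)  # raises before any unpickling happens
            return _orig(data if is_bytes else io.BytesIO(data), *args, **kwargs)
        setattr(*_resolve(entry), wrapper)
    def restore():
        for entry, orig in originals:
            setattr(*_resolve(entry), orig)
    return restore

def call_entry_point(entry, data):
    """Unpickle `data` via the named entry point (bytes for loads, a file for load)."""
    mod, attr = _resolve(entry)
    return getattr(mod, attr)(data if attr == "loads" else io.BytesIO(data))

def sample_payloads():
    """Constructed inputs: a plain dict, and an object whose pickle imports a class name."""
    return pickle.dumps({"a": 1}), pickle.dumps(ValueError("x"))
```

Before `hook_all()` the audit lists all four names; afterwards it is empty and a name-resolving pickle is rejected through every entry point, which is the property a global safety mode needs to guarantee. Callers that construct `pickle.Unpickler` directly are outside this hook's scope.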