GHSA-84r2-jw7c-4r5q: Picklescan has Incomplete List of Disallowed Inputs
Currently picklescanner only blocks some specific functions of the pydoc and operator modules. Attackers can use other functions within these allowed modules to go through undetected and achieve RCE on the final user. Particularly
- pydoc.locate: Can dynamically resolve and import arbitrary modules (e.g., resolving the string “os” to the actual os module).
- operator.methodcaller: Allows executing a method on an object. When combined with a resolved module object, it can execute functions like system.
Since locate and methodcaller are not explicitly listed in the deny-list, picklescan treats them as “Safe” or “Suspicious” (depending on configuration) but does not flag them as “Dangerous”, allowing the malicious file to bypass the security check.
References
- github.com/advisories/GHSA-84r2-jw7c-4r5q
- github.com/mmaitre314/picklescan
- github.com/mmaitre314/picklescan/commit/70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab
- github.com/mmaitre314/picklescan/pull/53
- github.com/mmaitre314/picklescan/releases/tag/v0.0.33
- github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q
Code Behaviors & Features
Detect and mitigate GHSA-84r2-jw7c-4r5q with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →