GHSA-9gvj-pp9x-gcfr: Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
Detection bypass in both picklescan and modelscan. Note that it also affects the online Hugging Face pickle scanners, allowing the malicious pickle file to evade detection.
References
- github.com/advisories/GHSA-9gvj-pp9x-gcfr
- github.com/mmaitre314/picklescan/blob/2a8383cfeb4158567f9770d86597300c9e508d0f/src/picklescan/scanner.py
- github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f
- github.com/mmaitre314/picklescan/commit/58983e1c20973ac42f2df7ff15d7c8cd32f9b688
- github.com/mmaitre314/picklescan/releases/tag/v0.0.27
- github.com/mmaitre314/picklescan/security/advisories/GHSA-9gvj-pp9x-gcfr
- nvd.nist.gov/vuln/detail/CVE-2025-71325
- www.vulncheck.com/advisories/picklescan-detection-bypass-via-stack-global-opcode-parsing-logic-flaw