GHSA-4p4h-9gvq-7xfg: Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-93mv-x874-956g. This link is maintained to preserve external references.

Original Description

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.
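The gap described above, shown with a minimal denylist scanner built on the standard-library `pickletools` module. This is an added example, not Picklescan's code: the two denylists, the helper names and the sample pickle are constructed for illustration, and the `STACK_GLOBAL` handling is a simplified heuristic.

```python
import pickle
import pickletools
import ssl

# Constructed denylists (assumptions for this example, not Picklescan's real tables).
DENYLIST_WITHOUT_SSL = {"os", "subprocess", "builtins"}
DENYLIST_WITH_SSL = DENYLIST_WITHOUT_SSL | {"ssl", "linecache"}


def imported_globals(data: bytes) -> set[tuple[str, str]]:
    """Return (module, name) pairs a pickle stream would import, without loading it."""
    found = set()
    strings = []  # string constants pushed so far, used to resolve STACK_GLOBAL
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # pickletools reports these as a single "module name" string.
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Heuristic: module and name are the two most recent string pushes.
            # Strings fetched back from the memo are not tracked here.
            if len(strings) >= 2:
                found.add((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


def flagged(data: bytes, denylist: set[str]) -> set[tuple[str, str]]:
    """Globals whose top-level module is on the denylist."""
    return {(m, n) for m, n in imported_globals(data) if m.split(".")[0] in denylist}


def sample(protocol: int) -> bytes:
    # Constructed sample: a bare by-reference pickle of the function. It has no
    # REDUCE opcode, so nothing would be called even if it were loaded.
    return pickle.dumps(ssl.get_server_certificate, protocol=protocol)


if __name__ == "__main__":
    for proto in (2, 4):  # protocol 2 emits GLOBAL, protocol 4 emits STACK_GLOBAL
        data = sample(proto)
        print(f"protocol {proto}")
        print("  denylist without ssl:", flagged(data, DENYLIST_WITHOUT_SSL))
        print("  denylist with ssl:   ", flagged(data, DENYLIST_WITH_SSL))
```

A scanner that only checks module names against a denylist reports such a file as clean until the module is added, so an allowlist of expected globals is the more robust check for untrusted model files.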


Severity: Moderate (GitHub Reviewed)

Published Apr 24, 2025 to the GitHub Advisory Database • Updated Apr 24, 2025

Withdrawn: This advisory was withdrawn on Apr 24, 2025.

Package: picklescan (pip)

Affected versions: < 0.0.25

Published by the National Vulnerability Database: Apr 24, 2025

Published to the GitHub Advisory Database: Apr 24, 2025

Last updated: Apr 24, 2025
