Duplicate Advisory: Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

GHSA-4p4h-9gvq-7xfg

Published Apr 24, 2025 · Modified Apr 24, 2025

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-93mv-x874-956g. This link is maintained to preserve external references.

Original Description

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-46417
WEB https://github.com/mmaitre314/picklescan/pull/40
ADVISORY https://github.com/advisories/GHSA-93mv-x874-956g

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes