The vulnerability description explicitly states that "The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization." The provided commit 118e80b0789d76fb5d0eeb6545840f4f3085edc7 from pull request #40 addresses this by adding `ssl` to the `UNSAFE_GLOBALS` list in `src/picklescan/scanner.py`. The added patch line, `"ssl": "*",  # DNS exfiltration via ssl.get_server_certificate()`, directly links the change to `ssl.get_server_certificate` and its use for DNS exfiltration. Furthermore, the test case `DNSLogPayload` added in the same commit demonstrates the exploit mechanism using `__import__("ssl")` and `getattr(ssl_mod, "get_server_certificate")`. Therefore, `ssl.get_server_certificate` is the function that would be called during exploitation and is the focus of the described vulnerability and its patch.
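To make the detection gap concrete, here is an added example (not picklescan's own code) of a minimal opcode-level pickle scanner in the style the advisory describes: it walks a pickle stream with `pickletools.genops`, collects every `GLOBAL`/`STACK_GLOBAL` reference without ever unpickling, and checks those references against an unsafe-globals table. The two tables are constructed for illustration in the same `"*"`-means-whole-module shape as `UNSAFE_GLOBALS`; they are not the project's real lists. The sample input is inert: pickling a function object only stores its qualified name, so the stream references `ssl.get_server_certificate` but does not call it.

```python
import pickle
import pickletools
import ssl

# Constructed subset in the same shape as picklescan's UNSAFE_GLOBALS:
# "*" marks a whole module unsafe, otherwise a set of attribute names.
# Illustrative only, not the project's actual table.
UNSAFE_GLOBALS_BEFORE = {
    "os": "*",
    "subprocess": "*",
    "builtins": {"eval", "exec", "__import__"},
}
# The one-line change from pull request #40: the ssl module becomes unsafe as a whole.
UNSAFE_GLOBALS_AFTER = dict(UNSAFE_GLOBALS_BEFORE, ssl="*")

# Opcodes that push a str onto the pickle stack (STACK_GLOBAL consumes two of them).
STRING_OPS = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


def referenced_globals(data: bytes):
    """Return [(module, name), ...] for every global the stream references.

    Static walk over opcodes; the data is never unpickled. Simplification:
    only string pushes and memo round-trips are tracked, which is enough to
    resolve STACK_GLOBAL operands in CPython-produced pickles."""
    refs = []
    stack = []   # recently pushed strings not yet consumed
    memo = {}    # memo slot -> string (None for non-string entries)
    memo_next = 0
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            stack.append(arg)
        elif op.name == "MEMOIZE":
            memo[memo_next] = stack[-1] if stack else None
            memo_next += 1
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = stack[-1] if stack else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            stack.append(memo.get(arg))
        elif op.name == "GLOBAL":
            # genops renders the two newline-terminated operands as "module name"
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL":
            name = stack.pop()
            module = stack.pop()
            refs.append((module, name))
    return refs


def flagged(refs, unsafe_globals):
    """Keep only the references the given table considers dangerous."""
    out = []
    for module, name in refs:
        rule = unsafe_globals.get(module)
        if rule == "*" or (rule is not None and name in rule):
            out.append((module, name))
    return out


def scan(data: bytes, unsafe_globals):
    """Scan a pickle stream and return the dangerous globals it references."""
    return flagged(referenced_globals(data), unsafe_globals)


def build_sample(protocol: int = 4) -> bytes:
    """Constructed sample stream: a bare reference to ssl.get_server_certificate.
    Unpickling it would only yield the function object (no REDUCE opcode), so
    nothing is called; it exists to exercise the scanner."""
    return pickle.dumps(ssl.get_server_certificate, protocol=protocol)


if __name__ == "__main__":
    sample = build_sample()
    print("referenced:", referenced_globals(sample))
    print("before fix:", scan(sample, UNSAFE_GLOBALS_BEFORE))  # [] -> missed
    print("after fix: ", scan(sample, UNSAFE_GLOBALS_AFTER))   # flagged
```

Running it shows the pre-0.0.25 table returning nothing for the sample while the table with `ssl: "*"` flags `('ssl', 'get_server_certificate')`; the same reference is caught whether it arrives as a protocol 0/2 `GLOBAL` opcode or a protocol 4 `STACK_GLOBAL`, which is why a scanner has to resolve both forms.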
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| picklescan | pip | < 0.0.25 | 0.0.25 |