-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| picklescan | pip | < 0.0.31 | 0.0.31 |
Miggo AIRoot Cause AnalysisThe vulnerability, as described, lies in the picklescan library's failure to properly detect malicious code when it's loaded from a submodule of a known dangerous Python package. The scanner was performing an exact match against its list of unsafe modules, which an attacker could bypass.
My analysis pinpointed the _build_scan_result_from_raw_globals function within src/picklescan/scanner.py as the location of the vulnerable logic. I confirmed this by examining the commit that patched the vulnerability. The patch introduces a new check to see if a module is a submodule of a dangerous parent module (e.g., checking for asyncio when asyncio.unix_events is imported).
The vulnerable code, which simply performed a dictionary lookup (_unsafe_globals.get(g.module)), was insufficient. The added code block explicitly checks for submodules, thereby closing the security hole. Any runtime profile during the exploitation of this vulnerability would inevitably pass through the _build_scan_result_from_raw_globals function as it is central to the process of identifying global imports in the pickle file being scanned.
PythonPythonOngoing coverage of React2Shell