
GHSA-hf6h-9wq7-hmjg: Duplicate Advisory: Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

CVSS Score
N/A

Basic Information

CVE ID
-
EPSS Score
-
Published
9/17/2025
Updated
9/17/2025
KEV Status
No
Technology
Python

Technical Details

CVSS Vector
-
Package Name
picklescan
Ecosystem
pip
Vulnerable Versions
< 0.0.31
First Patched Version
0.0.31

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability, as described, lies in the picklescan library's failure to properly detect malicious code when it's loaded from a submodule of a known dangerous Python package. The scanner was performing an exact match against its list of unsafe modules, which an attacker could bypass.

My analysis pinpointed the _build_scan_result_from_raw_globals function within src/picklescan/scanner.py as the location of the vulnerable logic. I confirmed this by examining the commit that patched the vulnerability. The patch introduces a new check to see if a module is a submodule of a dangerous parent module (e.g., checking for asyncio when asyncio.unix_events is imported).

The vulnerable code, which simply performed a dictionary lookup (_unsafe_globals.get(g.module)), was insufficient. The added code block explicitly checks for submodules, thereby closing the security hole. Any runtime profile during the exploitation of this vulnerability would inevitably pass through the _build_scan_result_from_raw_globals function as it is central to the process of identifying global imports in the pickle file being scanned.

Vulnerable functions

_build_scan_result_from_raw_globals
src/picklescan/scanner.py
The function `_build_scan_result_from_raw_globals` is vulnerable because it performs an exact match for module names when checking for unsafe globals. This allows an attacker to bypass the check by using a submodule of a dangerous package. For instance, if 'asyncio' is blacklisted, 'asyncio.unix_events' would not be detected as malicious. The patch addresses this by adding logic to check if a module is a submodule of a known dangerous module.
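The exact-match lookup described above, next to the parent-module check that closes the gap, as an added illustration that is not picklescan's own code. The deny-list, the sample globals and the attribute name `EXAMPLE_NAME` are constructed for this example; the raw globals are modelled as (module, name) pairs, i.e. what a scanner has already extracted from a pickle's GLOBAL/STACK_GLOBAL opcodes before deciding whether each reference is unsafe.

```python
"""Exact-match vs parent-module lookup for a pickle global deny-list.

Illustration only (not picklescan's code): the deny-list and sample data
below are constructed for this example.
"""
from typing import Dict, FrozenSet, Iterator, List, Tuple

RawGlobal = Tuple[str, str]  # (module, attribute name) from a pickle GLOBAL

# Constructed deny-list: module -> attribute names treated as unsafe.
# "*" means any attribute of that module is unsafe.
UNSAFE_GLOBALS: Dict[str, FrozenSet[str]] = {
    "asyncio": frozenset({"*"}),
    "os": frozenset({"system", "popen"}),
}

# Constructed sample of globals as a scanner would list them.
SAMPLE_GLOBALS: List[RawGlobal] = [
    ("collections", "OrderedDict"),       # benign
    ("asyncio", "run"),                   # exact module hit
    ("asyncio.unix_events", "EXAMPLE_NAME"),  # submodule of a denied package
    ("os.path", "join"),                  # submodule, but name not listed
]


def parent_modules(module: str) -> Iterator[str]:
    """Yield the module itself, then each enclosing package.

    'a.b.c' -> 'a.b.c', 'a.b', 'a'
    """
    parts = module.split(".")
    for i in range(len(parts), 0, -1):
        yield ".".join(parts[:i])


def _listed(names: FrozenSet[str], name: str) -> bool:
    return "*" in names or name in names


def classify(raw_globals: List[RawGlobal], check_parents: bool) -> List[RawGlobal]:
    """Return the globals the deny-list flags, preserving input order.

    check_parents=False reproduces the exact dictionary lookup described
    on this page; check_parents=True also consults each parent package,
    matching the attribute name against that package's entry (a design
    choice for this example, not a description of picklescan's patch).
    """
    flagged: List[RawGlobal] = []
    for module, name in raw_globals:
        candidates = parent_modules(module) if check_parents else iter([module])
        for candidate in candidates:
            names = UNSAFE_GLOBALS.get(candidate)
            if names is not None and _listed(names, name):
                flagged.append((module, name))
                break
    return flagged


def classify_exact(raw_globals: List[RawGlobal]) -> List[RawGlobal]:
    """Vulnerable variant: only an exact module-name match is flagged."""
    return classify(raw_globals, check_parents=False)


def classify_with_parents(raw_globals: List[RawGlobal]) -> List[RawGlobal]:
    """Hardened variant: a submodule of a denied package is flagged too."""
    return classify(raw_globals, check_parents=True)


def missed_by_exact_match(raw_globals: List[RawGlobal]) -> List[RawGlobal]:
    """Globals the hardened check flags but the exact-match check does not."""
    exact = set(classify_exact(raw_globals))
    return [g for g in classify_with_parents(raw_globals) if g not in exact]


if __name__ == "__main__":
    print("exact match flags:   ", classify_exact(SAMPLE_GLOBALS))
    print("parent-aware flags:  ", classify_with_parents(SAMPLE_GLOBALS))
    print("missed by exact match:", missed_by_exact_match(SAMPLE_GLOBALS))
```

Running the script shows the gap directly: the exact lookup flags only `("asyncio", "run")`, while the parent-aware walk also flags the `asyncio.unix_events` reference. `os.path`/`join` stays unflagged in both variants because the `os` entry lists specific names rather than `*`, which is why a deny-list should pair the parent-module walk with wildcard entries for packages whose every attribute is considered unsafe.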

WAF Protection Rules

WAF Rule

### Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of **S*-**qq-**ww-***r. This link is maintained to preserve external references.

### Original Description

A Protection Mechanism Failure vulnerability in mmaitre314 pi
