Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| picklescan | pip | <= 0.0.21 | |
The vulnerability stems from picklescan's reliance on file extensions to determine scan scope. The advisory explicitly states that non-standard extensions (e.g., .p) were ignored in versions ≤0.0.21. Functions responsible for file inclusion logic (like get_files_to_scan and is_pickle_file) would logically enforce this extension-based filtering. The confidence is high for get_files_to_scan as it directly controls scan scope, and medium for is_pickle_file since it's a likely helper for extension validation. Both align with CWE-646 (reliance on filenames/extensions).
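To make the weakness concrete, here is an added example (not picklescan's own code; the function names, the extension allow-list and the sample files are hypothetical constructions) that places an extension-based scope selector next to a content-based one, and shows that a pickle stored as `model.p` is skipped by the first and caught by the second.

```python
import os
import pickle
import tempfile

# Hypothetical allow-list standing in for the extension-based scope selection the
# advisory describes; picklescan's real list may differ.
PICKLE_EXTENSIONS = {".pkl", ".pickle"}

# Opening opcodes of protocol 0/1 pickles (MARK, EMPTY_LIST, EMPTY_DICT, GLOBAL,
# INT, STRING, NONE, ...); protocol 2+ streams start with PROTO (0x80) instead.
P01_OPENING_OPCODES = set(b"(]})cISVNUFLXTKJMG")

def select_by_extension(paths):
    """Weak selector (CWE-646 pattern): only the filename decides what is scanned."""
    return [p for p in paths if os.path.splitext(p)[1].lower() in PICKLE_EXTENSIONS]

def looks_like_pickle(head, tail):
    """Structural heuristic on the first two bytes and the last byte of a file."""
    if tail != b".":                        # every pickle stream ends with STOP
        return False
    if len(head) == 2 and head[0] == 0x80:  # PROTO opcode + protocol number
        return 2 <= head[1] <= 5
    return bool(head) and head[0] in P01_OPENING_OPCODES

def select_by_content(paths):
    """Hardened selector: decide by stream structure, independent of extension."""
    hits = []
    for p in paths:
        with open(p, "rb") as f:
            data = f.read()  # sample files are tiny; a real scanner reads head/tail only
        if looks_like_pickle(data[:2], data[-1:]):
            hits.append(p)
    return hits

def demo():
    """Constructed sample set: the same pickle under a standard and a non-standard
    extension, plus a text file. Returns the basenames each selector would scan."""
    payload = pickle.dumps({"weights": [1, 2, 3]}, protocol=4)
    tmp = tempfile.mkdtemp()
    paths = []
    for name, data in [("model.pkl", payload), ("model.p", payload), ("notes.txt", b"hi\n")]:
        path = os.path.join(tmp, name)
        with open(path, "wb") as f:
            f.write(data)
        paths.append(path)
    by_ext = {os.path.basename(p) for p in select_by_extension(paths)}
    by_content = {os.path.basename(p) for p in select_by_content(paths)}
    return by_ext, by_content  # ({'model.pkl'}, {'model.pkl', 'model.p'})
```

The content check is a heuristic, not a parser: it rules out obvious non-pickles cheaply and leaves the real opcode walk to the scanner itself.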