-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability, identified as GHSA-m273-6v24-x4m4, allows for arbitrary file writing by leveraging the distutils.file_util.write_file function within a malicious pickle file. The Picklescan tool is designed to detect such dangerous operations but failed to do so in this case.
The root cause of the vulnerability is an incomplete blocklist of dangerous modules. The fix, present in commit 70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab, involves adding "distutils.file_util": "*" to the _unsafe_globals dictionary in src/picklescan/scanner.py.
The function that consumes this blocklist to make security decisions is _build_scan_result_from_raw_globals. This function iterates through globals extracted from a pickle file and checks them against the _unsafe_globals list. Before the patch, it would not find distutils.file_util in the list and would therefore not flag it as a dangerous module. This failure in detection is the core of the vulnerability.
During the exploitation of this vulnerability (i.e., when running Picklescan on a malicious pickle), the _build_scan_result_from_raw_globals function would be a key part of the execution flow, appearing in any runtime profile or stack trace. Therefore, it is identified as the vulnerable function because it contains the flawed detection logic.
_build_scan_result_from_raw_globalssrc/picklescan/scanner.py
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| picklescan | pip | < 0.0.33 | 0.0.33 |