N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-w6mr-mj53-x258

EPSS Score

CWE

CWE-345

Published

3/10/2025

Updated

3/10/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-w6mr-mj53-x258

GHSA-w6mr-mj53-x258: Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-7q5r-7gvp-wc82. This link is maintained to preserve external references.

Original Description

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise a BadZipFile error. However, PyTorch's more forgiving ZIP implementation still allows the model to be loaded, enabling malicious payloads to bypass detection.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-w6mr-mj53-x258

GHSA-w6mr-mj53-x258:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-w6mr-mj53-x258

EPSS Score

CWE

CWE-345

Published

3/10/2025

Updated

3/10/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
picklescan	pip	< 0.0.23	0.0.23

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from picklescan's ZIP handling implementation prior to v0.0.23. The key evidence comes from the commit diff showing scanner.py was modified to replace zipfile.ZipFile with a RelaxedZipFile class. The original implementation in scan_zip_bytes used Python's strict zipfile module that validates header/directory consistency, causing crashes on manipulated files. This created a discrepancy where PyTorch would load malicious models that picklescan couldn't scan due to extraction failures. The function's reliance on zipfile.ZipFile.open() made it vulnerable to specially crafted ZIP archives with header/directory mismatches.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-w6mr-mj53-x258: Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch

Duplicate Advisory

Original Description

GHSA-w6mr-mj53-x258:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

GHSA-w6mr-mj53-x258: Duplicate Advisory: Zip Exploit Crashes Picklescan But Not PyTorch

Duplicate Advisory

Original Description

N/A

N/A

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI