GHSA-j424-mc44-f4hj: Duplicate Advisory: Picklescan Bypass is Possible via File Extension Mismatch

September 17, 2025

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-jgw4-cr84-mqxg. This link is maintained to preserve external references.

Original Description

An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

References

github.com/advisories/GHSA-j424-mc44-f4hj
github.com/mmaitre314/picklescan/blob/58983e1c20973ac42f2df7ff15d7c8cd32f9b688/src/picklescan/scanner.py
github.com/mmaitre314/picklescan/security/advisories/GHSA-jgw4-cr84-mqxg
nvd.nist.gov/vuln/detail/CVE-2025-10155

Code Behaviors & Features

Detect and mitigate GHSA-j424-mc44-f4hj with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →