CVE-2025-46417

Published April 24th, 2025

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.

mmaitre314/picklescan

Security scanner detecting Python Pickle files performing suspicious actions

GitHub

329