ГлавнаяУязвимости → CVE-2025-46417
7.5высокая

CVE-2025-46417

Описание

The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.

Затрагиваемое ПО
Mmaitre314 Picklescan
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/advisories/GHSA-93mv-x874-956ghttps://github.com/mmaitre314/picklescan/pull/40https://github.com/advisories/GHSA-93mv-x874-956g