Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| picklescan | picklescan | unaffected |
|
No data.
No data.
| Vendor | Product | Confidence | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mmaitre314 | Picklescan | 95% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-m273-6v24-x4m4 | Picklescan vulnerable to Arbitrary File Writing |
Thu, 18 Jun 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution. | |
| Title | picklescan - Arbitrary File Writing via distutils Module Bypass | |
| First Time appeared |
Mmaitre314
Mmaitre314 picklescan |
|
| Weaknesses | CWE-502 | |
| CPEs | cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Mmaitre314
Mmaitre314 picklescan |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-17T18:12:17.635Z
Reserved: 2026-06-08T20:44:31.209Z
Link: CVE-2025-71321
Vulnrichment
Updated: 2026-06-17T18:00:38.418Z
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-18T22:15:03Z