CVE-2026-3490
picklescan · picklescan
A security bypass in the picklescan library allows attackers to resolve dangerous functions through indirect calls, leading to remote code execution.
Executive summary
A critical vulnerability in the picklescan library allows remote attackers to bypass blocklists and execute arbitrary code on systems processing untrusted pickle data.
Vulnerability
The library fails to properly restrict pkgutil.resolve_name, so an attacker can bypass the existing blocklists: through indirect REDUCE calls, a crafted pickle can invoke restricted functions such as os.system or builtins.exec and achieve remote code execution.
Business impact
The ability to execute arbitrary commands on a host system poses a severe risk of data theft, malware installation, and complete system takeover. With a CVSS score of 10.0, this vulnerability requires immediate attention for any application relying on picklescan to screen pickle data.
Remediation
Immediate Action: Upgrade the picklescan library to version 1.0.4 or later to address the blocklist bypass.
Proactive Monitoring: Monitor application logs for unexpected execution of system-level commands or unauthorized attempts to access shell-related functions.
Compensating Controls: Implement strict input validation and ensure that any data processed by the application is sourced from trusted, authenticated origins to minimize exposure.
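The vulnerability above is a blocklist failure: a scanner that enumerates forbidden imports can be sidestepped by an indirect resolver such as pkgutil.resolve_name. The compensating control that closes that whole class is an allowlist at the deserialization boundary, which refuses every global the application did not explicitly expect. The following is an added defensive example written for this advisory; it is not picklescan's code and not the fix shipped in version 1.0.4. The ALLOWED_GLOBALS policy is a hypothetical one for an application that only exchanges plain data, and the sample pickles (a benign OrderedDict and a bare reference to pkgutil.resolve_name, with no arguments, so nothing is executed either way) are constructed inline.

```python
"""Allowlist-based unpickling plus a static global inventory.

Added example for CVE-2026-3490 (not picklescan's code, not the 1.0.4 fix).
A blocklist must name every dangerous callable and is bypassed by any
indirect resolver it forgot; an allowlist only admits (module, name) pairs
the application expects, so pkgutil.resolve_name, os.system, builtins.exec
or any REDUCE target outside the policy is rejected before it is resolved.
"""
import collections
import io
import pickle
import pickletools
import pkgutil

# Hypothetical policy for an application that only exchanges plain data.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class AllowlistUnpickler(pickle.Unpickler):
    """Resolve a global only if (module, name) is explicitly permitted."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        # Anything else is refused without being imported or called.
        raise pickle.UnpicklingError(
            f"global {module}.{name} is not in the allowlist"
        )


def safe_loads(data: bytes):
    """Deserialize untrusted bytes under the allowlist policy."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def referenced_globals(data: bytes):
    """Static pass: list every global the pickle would resolve, without loading.

    Handles GLOBAL (protocol <= 3, "module name" text argument) and
    STACK_GLOBAL (protocol >= 4, module and name pushed as the two preceding
    string opcodes). Memo lookups (BINGET) are not followed; the dynamic
    allowlist in find_class remains the authoritative control.
    """
    found = []
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            recent_strings.append(arg)
        elif opcode.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            found.append((recent_strings[-2], recent_strings[-1]))
    return found


def demo():
    """Run both controls over constructed inputs and report the outcomes."""
    benign = pickle.dumps(collections.OrderedDict(a=1))
    # A bare function reference: pickles as a global, never as a call.
    resolver_ref = pickle.dumps(pkgutil.resolve_name)

    results = {}
    results["benign_loaded"] = (
        safe_loads(benign) == collections.OrderedDict(a=1)
    )
    try:
        safe_loads(resolver_ref)
        results["resolver_blocked"] = False
    except pickle.UnpicklingError:
        results["resolver_blocked"] = True
    results["static_globals"] = referenced_globals(resolver_ref)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The static inventory is useful for triage of files at rest (it reports which globals a pickle names before anyone loads it), but only the find_class allowlist is enforced at load time, so the two are meant to be used together rather than as alternatives.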
Exploitation status
Public Exploit Available: not specified
Analyst recommendation
This vulnerability is highly critical due to the ease of achieving remote code execution. Users must prioritize the update to version 1.0.4 to ensure the library's security controls are effectively enforced.