Sonatype has discovered and disclosed four vulnerabilities in picklescan, a tool designed to help developers scan Python pickle files for malicious content. Pickle files, used for serializing and deserializing Python AI/ML models, can be a security risk as they allow for arbitrary code execution during the deserialization process.
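As an added illustration (not code from Sonatype or the picklescan project) of the two defensive layers a pickle scanner relies on, the snippet below lists every global reference a pickle would import by walking its opcode stream without executing it, and then unpickles only through a `find_class` allowlist. The allowlist `ALLOWED_GLOBALS` and the sample pickles are constructed for this example.

```python
import io
import pickle
import pickletools

# Assumed allowlist of (module, name) pairs a model file may reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("builtins", "set")}


def scan_globals(data: bytes) -> list:
    """Return every (module, name) the pickle would import, without loading it.

    Walks the opcode stream with pickletools, so nothing runs. GLOBAL carries
    "module name" in its argument; STACK_GLOBAL (protocol 4+) consumes the two
    strings pushed just before it.
    """
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("malformed STACK_GLOBAL: needs two strings")
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


def suspicious_globals(data: bytes) -> list:
    return [g for g in scan_globals(data) if g not in ALLOWED_GLOBALS]


class RestrictedUnpickler(pickle.Unpickler):
    """Second layer: refuse any import the static scan did not expect."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_if_clean(data: bytes):
    """Scan first, then load under the restricted unpickler; returns (ok, result)."""
    bad = suspicious_globals(data)
    if bad:
        return False, f"refused: {bad}"
    return True, RestrictedUnpickler(io.BytesIO(data)).load()


# Constructed samples: a benign dict, and a pickle that merely *references*
# os.system (GLOBAL opcode, no REDUCE) so it calls nothing when loaded.
BENIGN = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
SUSPECT = b"cos\nsystem\n."
```

Static opcode scanning of this kind is exactly what a bypass targets, so the restricted unpickler, not the scanner, should be the control that actually stops an unexpected import.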
This is a Security Bloggers Network syndicated blog from the Sonatype Blog (2024), authored by Trevor Madge. Read the original post at: https://www.sonatype.com/blog/bypassing-picklescan-sonatype-discovers-four-vulnerabilities