Description
The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
cve@mitre.org
https://github.com/advisories/GHSA-93mv-x874-956gcve@mitre.org
https://github.com/mmaitre314/picklescan/pull/40134c704f-9b21-4f2e-91b3-4a467353bcc0
https://github.com/advisories/GHSA-93mv-x874-956g