Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-11963 | The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization. |
Github GHSA |
GHSA-93mv-x874-956g | Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Oct 2025 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mmaitre314
Mmaitre314 picklescan |
|
| CPEs | cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Mmaitre314
Mmaitre314 picklescan |
|
| Metrics |
cvssV3_1
|
Thu, 24 Apr 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 24 Apr 2025 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization. | |
| Weaknesses | CWE-184 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-04-24T14:51:19.232Z
Reserved: 2025-04-24T00:00:00.000Z
Link: CVE-2025-46417
Updated: 2025-04-24T14:51:14.560Z
Status : Analyzed
Published: 2025-04-24T01:15:49.983
Modified: 2025-10-01T19:39:33.773
Link: CVE-2025-46417
No data.
OpenCVE Enrichment
No data.
EUVD
Github GHSA