[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-56315":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-23T18:49:48.409Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":55,"aliases":56,"duplicate_of":9,"upstream":57,"downstream":58,"duplicates":59,"related":60,"reserved_at":9,"published_at":61,"modified_at":62,"state":63,"summary":64,"references_raw":71,"kevs":82,"epss":9,"epss_history":83,"metrics":84,"affected":92},"CVE-2026-56315","picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked modules to achieve remote code execution while bypassing picklescan's safety validation entirely.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-184","Incomplete List of Disallowed Inputs","The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.","weakness","Draft","Base",[19,23,27,31,35,39,43,47,51],{"id":20,"name":21,"techniques":22},"CAPEC-120","Double Encoding",[],{"id":24,"name":25,"techniques":26},"CAPEC-15","Command Delimiters",[],{"id":28,"name":29,"techniques":30},"CAPEC-182","Flash Injection",[],{"id":32,"name":33,"techniques":34},"CAPEC-3","Using Leading 'Ghost' Character Sequences to Bypass Input Filters",[],{"id":36,"name":37,"techniques":38},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":40,"name":41,"techniques":42},"CAPEC-6","Argument Injection",[],{"id":44,"name":45,"techniques":46},"CAPEC-71","Using Unicode Encoding to Bypass Validation Logic",[],{"id":48,"name":49,"techniques":50},"CAPEC-73","User-Controlled Filename",[],{"id":52,"name":53,"techniques":54},"CAPEC-85","AJAX Footprinting",[],[],[],[],[],[],[],"2026-06-23T12:13:02.736Z","2026-06-23T13:16:50.727Z","PUBLISHED",{"cisa_kev":65,"cisa_ransomware":65,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":66,"severity_score":67,"severity_version":68,"severity_source":69,"severity_vector":70,"severity_status":63},false,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[72,77],{"url":73,"sources":74,"tags":75},"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-g38g-8gr9-h9xp",[69],[76],"Vendor Advisory",{"url":78,"sources":79,"tags":80},"https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-unblocked-standard-library-modules",[69],[81],"Third Party Advisory",[],[],[85],{"source":69,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":86,"cvss_v4_0":89},{"baseScore":67,"baseSeverity":87,"vectorString":70,"impactScore":67,"exploitabilityScore":88},"CRITICAL",10,{"baseScore":90,"baseSeverity":87,"vectorString":91,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[93],{"ecosystem":9,"name":94,"vendor":95,"product":95,"cpe_part":96,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":97},"Picklescan","picklescan","a",[98],{"version":99,"is_range":100,"range_type":69,"version_start":9,"version_start_type":9,"version_end":101,"version_end_type":102,"fixed_in":9},"\u003C 1.0.4",true,"1.0.4","excluding"]