The Hacker News

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Picklescan flaws allowed attackers to bypass scans and execute hidden code in malicious PyTorch models before the latest ...
theregister

Alternatively: Python's pickle pilloried with prudent premonition of poisoning

Evan Sultanik, principal computer security researcher with Trail of Bits, has unpacked the Python world’s pickle data format and found it distasteful. He is not the first to do so, and acknowledges as ...
Infosecurity Magazine

Critical PickleScan Vulnerabilities Expose AI Model Supply Chains

Three critical zero-day vulnerabilities affecting PickleScan, a widely used tool for scanning Python pickle files and PyTorch ...
GitHub

kbid-XXX-DES-Pickle-1.md

$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:des-pickle Serialisation is used by application to easely store an object and transfer it across systems and networks. If an ...
GitHub

kbid-XXX-DES-Pickle-2.md

$ sudo docker pull blabla1337/owasp-skf-lab:des-pickle-2 $ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:des-pickle-2 First, make sure python3 ...
Security Boulevard

Never a dill moment: Exploiting machine learning pickle files

Many machine learning (ML) models are Python pickle files under the hood, and it makes sense. The use of pickling conserves memory, enables start-and-stop model training, and makes trained models ...
IEEE

An Analysis of Python Serialization towards Distributed Systems

Abstract: We explored the current state of Python serialization in the context of distributed computing. The challenging points addressed are: object-type support, speed and size, version ...