picklescan - Arbitrary File Writing via distutils Module Bypass
Description
picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.file_util.write_file. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <0.0.33
Patches
Vulnerability mechanics
Root cause
"The dangerous blocklist in picklescan does not include the `distutils` module, allowing `distutils.file_util.write_file` to bypass protections and write arbitrary files."
Attack vector
An attacker crafts a malicious pickle file whose `__reduce__` method returns `distutils.file_util.write_file` along with a target file path and content. When picklescan scans this pickle, the dangerous blocklist does not flag `distutils`, allowing the file write operation to execute. This can overwrite critical system files such as `.ssh/authorized_keys` or web server configurations, leading to denial of service or remote code execution [ref_id=1].
Affected code
The vulnerability lies in picklescan's dangerous blocklist, which includes `open()` and `shutil` but fails to block the `distutils` module. An attacker can use `distutils.file_util.write_file` to write arbitrary files, bypassing the existing protections [ref_id=1].
What the fix does
The advisory recommends adding `distutils` to the dangerous blocklist. Without a published patch, the fix would ensure that `distutils.file_util.write_file` is treated as a dangerous function and blocked during pickle scanning, preventing arbitrary file writes [ref_id=1].
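The blocklist check the advisory describes can be illustrated by scanning the pickle opcode stream for `GLOBAL` / `STACK_GLOBAL` references and comparing them against a module blocklist, first without and then with `distutils`. The code below is an added example written for this page, not picklescan's own implementation: the two blocklists are simplified stand-ins (picklescan's real list is longer), and the sample pickles are constructed here. The `distutils` sample contains only a global reference followed by `STOP`, so parsing it with `pickletools.genops` executes nothing.

```python
import pickle
import pickletools
import shutil

# Simplified stand-ins for the blocklist (constructed for this example).
# A module maps to "*" (whole module banned) or to a set of banned names.
# The "before" list covers open() and shutil, as the advisory describes, but not distutils.
BLOCKLIST_BEFORE = {
    "builtins": {"open", "eval", "exec"},
    "shutil": "*",
    "os": "*",
    "subprocess": "*",
}
# The fix the advisory recommends: add distutils to the list.
BLOCKLIST_AFTER = {**BLOCKLIST_BEFORE, "distutils": "*"}


def referenced_globals(data: bytes):
    """Yield (module, name) for every GLOBAL / STACK_GLOBAL opcode in a pickle stream.

    pickletools.genops only parses opcodes; nothing in the stream is executed.
    STACK_GLOBAL (protocol 4+) takes its module and name from the two most
    recently pushed strings, so those are tracked as the stream is walked.
    """
    strings = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # Protocol 0-3: argument is "module name" as one space-separated string.
            module, name = arg.split(" ", 1)
            yield module, name
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("STACK_GLOBAL without two preceding string arguments")
            yield strings[-2], strings[-1]
        elif op.name in ("STRING", "SHORT_BINSTRING", "UNICODE",
                         "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8"):
            strings.append(arg)


def is_flagged(module: str, name: str, blocklist: dict) -> bool:
    """True if the reference matches the blocklist.

    Both the full module path and its top-level package are checked, so a rule
    for "distutils" also covers "distutils.file_util".
    """
    top_level = module.split(".", 1)[0]
    for key in (module, top_level):
        rule = blocklist.get(key)
        if rule == "*" or (rule is not None and name in rule):
            return True
    return False


def scan(data: bytes, blocklist: dict) -> list:
    """Return the blocklisted (module, name) references found in a pickle."""
    return [(m, n) for m, n in referenced_globals(data) if is_flagged(m, n, blocklist)]


# Constructed samples.
# 1. A protocol-0 stream: GLOBAL distutils.file_util write_file, then STOP. No call is made.
DISTUTILS_SAMPLE = b"cdistutils.file_util\nwrite_file\n."
# 2. A protocol-4 stream produced by pickling a function reference; it encodes the
#    reference with STACK_GLOBAL rather than GLOBAL.
SHUTIL_SAMPLE = pickle.dumps(shutil.copyfile, protocol=4)
# 3. Ordinary data with no global references at all.
BENIGN_SAMPLE = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)

if __name__ == "__main__":
    print("distutils sample, list before fix:", scan(DISTUTILS_SAMPLE, BLOCKLIST_BEFORE))
    print("distutils sample, list after fix: ", scan(DISTUTILS_SAMPLE, BLOCKLIST_AFTER))
    print("shutil sample, list before fix:   ", scan(SHUTIL_SAMPLE, BLOCKLIST_BEFORE))
    print("benign sample, list after fix:    ", scan(BENIGN_SAMPLE, BLOCKLIST_AFTER))
```

Run as-is, the first line prints an empty list (the bypass: `distutils.file_util.write_file` passes the pre-fix list), the second prints the flagged reference, and the `shutil` sample is caught by both lists. Matching on the top-level package is what makes a single `distutils` entry cover every submodule, which is the point of the recommended fix.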
Preconditions
- Input: The attacker must supply a malicious pickle file to a system running picklescan before version 0.0.33.
- Config: The target system must have picklescan configured to scan pickle files without blocking the distutils module.
Generated on Jun 18, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-m273-6v24-x4m4 (ghsa, advisory)
- github.com/mmaitre314/picklescan/security/advisories/GHSA-m273-6v24-x4m4 (ghsa, vendor advisory)
- www.vulncheck.com/advisories/picklescan-arbitrary-file-writing-via-distutils-module-bypass (ghsa, third-party advisory)
- github.com/mmaitre314/picklescan/commit/70c1c6c31beb6baaf52c8db1b6c3c0e84a6f9dab (ghsa)
- github.com/mmaitre314/picklescan/pull/53 (ghsa)
- github.com/mmaitre314/picklescan/releases/tag/v0.0.33 (ghsa)
- nvd.nist.gov/vuln/detail/CVE-2025-71321 (ghsa)
News mentions
No linked articles in our index yet.