picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand

An attacker crafts a pickle file whose `__reduce__` method calls `idlelib.pyshell.ModifiedInterpreter.runcommand` with a payload such as `__import__('os').system('whoami')`. The victim uses picklescan to verify the file, but picklescan does not flag this function as dangerous. When the victim subsequently calls `pickle.load()`, the payload executes, achieving remote code execution [ref_id=1].

The vulnerability resides in picklescan's failure to detect `idlelib.pyshell.ModifiedInterpreter.runcommand` as a dangerous reduce method. The advisory states that picklescan before 0.0.30 does not flag this built-in Python library function, allowing malicious pickle files to bypass scanning [ref_id=1].

The patch adds `idlelib.pyshell.ModifiedInterpreter.runcommand` to picklescan's list of dangerous reduce functions. By including this built-in Python function in the detection set, picklescan now flags pickle files that attempt to use it, preventing the undetected execution of arbitrary commands when the pickle is loaded [ref_id=1].