picklescan - Arbitrary File Creation via logging.FileHandler Deserialization
Description
picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <1.0.1
Patches
Vulnerability mechanics
Root cause
"Unsafe pickle deserialization allows instantiation of logging.FileHandler, enabling arbitrary zero-byte file creation."
Attack vector
An unauthenticated attacker crafts a malicious pickle payload that instantiates `logging.FileHandler` via `__reduce__`. When the application deserializes the untrusted pickle data, the handler creates a zero-byte file at an attacker-specified path. The attack does not require authentication and can be delivered over the network wherever picklescan processes untrusted pickle input. [ref_id=1]
Affected code
The vulnerability resides in picklescan before version 1.0.1, where the application deserializes untrusted pickle data. The exploit abuses the standard library `logging.FileHandler` class to bypass RCE-focused blocklists and create arbitrary zero-byte files on the server. [ref_id=1]
What the fix does
The advisory does not include a published patch diff, but the fix is delivered in picklescan version 1.0.1. The remediation likely involves adding `logging.FileHandler` to the blocklist of dangerous classes or switching to a safer deserialization method (e.g., using `safetensors` or a restricted unpickler). Without the patch, the application remains vulnerable to arbitrary zero-byte file creation via pickle deserialization. [ref_id=1]
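A restricted unpickler of the kind mentioned above, as an added example (not picklescan's code and not its 1.0.1 fix): it resolves globals from an allowlist, so a constructed pickle that reduces to `logging.FileHandler` is refused before the handler can open a file, while a constructed RCE-only blocklist raises no objection to it. `RCE_BLOCKLIST`, `ALLOWED` and every function and class name here are assumptions made for the illustration.

```python
import io
import logging
import os
import pickle
import tempfile

# Constructed RCE-focused blocklist (illustrative; not picklescan's actual list).
RCE_BLOCKLIST = {("os", "system"), ("posix", "system"), ("nt", "system"),
                 ("subprocess", "Popen"), ("builtins", "eval"), ("builtins", "exec")}
# Allowlist (assumed for this example): the only globals the loader will resolve.
ALLOWED = {("collections", "OrderedDict")}


def blocklist_would_pass(module, name):
    """True when an RCE-only blocklist raises no objection to this global."""
    return (module, name) not in RCE_BLOCKLIST


class AllowlistUnpickler(pickle.Unpickler):
    """Refuse every global not in ALLOWED, before any constructor can run."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowlisted")
        return super().find_class(module, name)


def safe_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()


class _ConstructedSample:
    """Constructed test input: reduces to logging.FileHandler(path)."""
    def __init__(self, path):
        self.path = path
    def __reduce__(self):
        return (logging.FileHandler, (self.path,))


def demo():
    """Return (refused, file_created, blocklist_passed) for the constructed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "constructed.lock")
        data = pickle.dumps(_ConstructedSample(target))  # dumping opens no file
        try:
            safe_loads(data)
            refused = False
        except pickle.UnpicklingError:
            refused = True
        return refused, os.path.exists(target), blocklist_would_pass("logging", "FileHandler")
```

Calling `demo()` returns the three results for the constructed sample; plain containers of strings and numbers still load through `safe_loads` because they reference no globals.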
Preconditions
- input: The application must deserialize untrusted pickle data without restricting dangerous classes like logging.FileHandler.
- auth: No authentication is required; the attacker can submit the malicious pickle payload over the network.
- config: The attacker must know or guess a writable file path on the target filesystem.
Generated on Jun 21, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r (mitre, vendor-advisory)
- www.vulncheck.com/advisories/picklescan-arbitrary-file-creation-via-logging-filehandler-deserialization (mitre, third-party-advisory)