Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
3 December 2025 at 09:30:00
thehackernews.com
Three critical security vulnerabilities have been discovered in Picklescan, an open-source scanner for Python pickle files. The flaws let an attacker craft a malicious PyTorch model that passes Picklescan's checks and then executes arbitrary code when the model is loaded. Picklescan works by parsing a pickle file and flagging suspicious content without executing it, but these bypasses make that protection ineffective. The bypass could enable supply chain attacks against machine learning workflows that rely on PyTorch models. Organizations that use Picklescan to vet ML models are exposed to code execution if they load a model on the strength of a clean scan.
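To make the mechanism concrete, the following added example (written for this page, not Picklescan's code and not the article's proof of concept) shows why a pickle file can run code on load, what an opcode-level pre-scan of the kind Picklescan performs looks like, and the stronger control of an allowlisting unpickler. The two malicious payloads are constructed by hand so that their opcodes are explicit; the denylist and allowlist contents are illustrative assumptions, and the article does not describe the specific evasions, so none are reproduced here.

```python
import io
import pickle
import pickletools

# Constructed sample inputs (added example; not Picklescan's code and not the
# article's proof of concept). Both malicious pickles ask the unpickler to import
# os.system and call it with a shell command. Nothing below ever executes them
# with the stock unpickler.
# Protocol 0 form: the GLOBAL opcode ('c') carries "os\nsystem\n".
MALICIOUS_GLOBAL = b"cos\nsystem\n(S'echo pwned'\ntR."
# Protocol 4 form: module and name are pushed as strings, then STACK_GLOBAL.
MALICIOUS_STACK_GLOBAL = (
    b"\x80\x04"            # PROTO 4
    b"\x8c\x02os"          # SHORT_BINUNICODE "os"
    b"\x8c\x06system"      # SHORT_BINUNICODE "system"
    b"\x93"                # STACK_GLOBAL -> os.system
    b"\x8c\x0aecho pwned"  # SHORT_BINUNICODE "echo pwned"
    b"\x85"                # TUPLE1 -> ("echo pwned",)
    b"R"                   # REDUCE -> os.system("echo pwned")
    b"."                   # STOP
)
# A harmless pickle of the kind a weights file legitimately contains.
BENIGN = pickle.dumps({"layer1.weight": [0.1, 0.2, 0.3]}, protocol=4)

# Hypothetical denylist for the static scanner; a real scanner ships a longer one.
DANGEROUS = {
    ("os", "system"), ("posix", "system"), ("nt", "system"),
    ("subprocess", "Popen"), ("subprocess", "run"),
    ("builtins", "eval"), ("builtins", "exec"),
}


def scan(data: bytes) -> list[tuple[str, str]]:
    """Static pre-scan: walk the opcode stream with pickletools.genops (nothing is
    executed) and report every global import that names a denylisted callable.
    Limitation: STACK_GLOBAL operands are resolved only from directly pushed
    strings, not memo references, which illustrates why denylist scanners are
    fragile."""
    findings = []
    strings = []  # strings pushed so far, used to resolve STACK_GLOBAL operands
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)  # pickletools renders "module name"
            if (module, name) in DANGEROUS:
                findings.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            name, module = strings.pop(), strings.pop()  # module pushed first
            if (module, name) in DANGEROUS:
                findings.append((module, name))
    return findings


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist unpickler: the loader itself decides what may be imported, so a
    global outside the allowlist aborts the load before it is resolved or called.
    The allowlist here is illustrative (a state_dict is typically an OrderedDict)."""
    ALLOWED = {("collections", "OrderedDict"), ("builtins", "set")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not permitted")


def safe_load(data: bytes):
    """Load a pickle through the allowlisting unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_blocked(data: bytes) -> bool:
    """True when the allowlist unpickler refuses the payload."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    for label, blob in [("GLOBAL", MALICIOUS_GLOBAL),
                        ("STACK_GLOBAL", MALICIOUS_STACK_GLOBAL),
                        ("benign", BENIGN)]:
        print(label, "scan:", scan(blob), "blocked by allowlist:", is_blocked(blob))
```

The practical takeaway is the asymmetry between the two controls: the pre-scan must anticipate every way an import can be spelled in the opcode stream, whereas the allowlisting unpickler only has to know what a legitimate model needs. A clean result from a scanner such as Picklescan is therefore a useful signal but not a substitute for loading untrusted models through a restricted loader, for example PyTorch's `torch.load(..., weights_only=True)`, or for using a format that cannot carry code at all.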
