{"data":{"id":"94c7b535-f184-400d-b566-10cac3f99d71","title":"GHSA-5hwf-rc88-82xm: Fickling missing RCE-capable modules in UNSAFE_IMPORTS","summary":"Fickling, a security tool that checks if pickle files (serialized Python objects) are safe, was missing three standard library modules from its blocklist of dangerous imports: `uuid`, `_osx_support`, and `_aix_support`. These modules contain functions that can execute arbitrary commands on a system, and malicious pickle files using them could bypass Fickling's safety checks and run attacker-controlled code.","solution":"The modules `uuid`, `_osx_support` and `_aix_support` were added to the blocklist of unsafe imports (via commit ffac3479dbb97a7a1592d85991888562d34dd05b). This fix is available in versions after fickling 0.1.8.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-5hwf-rc88-82xm","publishedAt":"2026-03-04T21:31:03.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":["fickling@<= 0.1.8 (fixed: 0.1.9)"],"affectedVendors":[],"affectedVendorsRaw":["fickling"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}