GHSA-83pf-v6qq-pwmr: Fickling has a detection bypass via stdlib network-protocol constructors
Summary
Fickling is a tool that checks whether pickle files (serialized Python objects) are safe to open. Researchers found that Fickling incorrectly marked dangerous pickle files as safe when they used network protocol constructors like SMTP, IMAP, FTP, POP3, Telnet, and NNTP, which establish outbound TCP connections during deserialization. The vulnerability has two causes: an incomplete blocklist of unsafe imports, and a logic flaw in the unused variable detector that fails to catch suspicious code patterns.
Solution / Mitigation
The incomplete blocklist is fixed in PR #233, which adds the six network-protocol modules (smtplib, imaplib, ftplib, poplib, telnetlib, and nntplib) to the UNSAFE_IMPORTS blocklist. The second root cause, the logic flaw in the unused_assignments() function, is noted as unpatched in the original advisory.
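A static check that flags references to the six blocklisted modules without ever loading the pickle, as an added example (this is not Fickling's code; NETWORK_MODULES, referenced_globals, unsafe_network_imports and the constructed sample pickles are this example's own):

```python
import pickle
import pickletools
import smtplib

# The six network-protocol modules PR #233 adds to Fickling's UNSAFE_IMPORTS:
# a pickle that calls their constructors opens an outbound TCP connection as a
# side effect of being loaded.
NETWORK_MODULES = {"smtplib", "imaplib", "ftplib", "poplib", "telnetlib", "nntplib"}

def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) the pickle would import, without loading it.

    pickletools.genops only disassembles the opcode stream, so nothing executes.
    Handles the text GLOBAL opcode (protocols 0-3) and STACK_GLOBAL (protocol 4+),
    which takes its module and attribute names from the two preceding string pushes.
    Simplification: a name re-fetched from the memo via GET is not tracked here;
    a faithful scanner needs a full stack simulation.
    """
    refs: list[tuple[str, str]] = []
    recent_strings: list[str] = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":  # arg is "module name"
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            refs.append((recent_strings[-2], recent_strings[-1]))
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return refs

def unsafe_network_imports(data: bytes) -> list[tuple[str, str]]:
    """Return the references that hit the network-module blocklist."""
    return [(m, n) for m, n in referenced_globals(data)
            if m.split(".")[0] in NETWORK_MODULES]

def is_safe(data: bytes) -> bool:
    return not unsafe_network_imports(data)

# Constructed samples: a benign dict, and a bare reference to smtplib.SMTP serialized
# with both encodings (no call opcode is emitted, so these are inert even if loaded).
BENIGN = pickle.dumps({"recipient": "ops@example.com", "retries": 3}, protocol=4)
SMTP_REF_P4 = pickle.dumps(smtplib.SMTP, protocol=4)  # uses STACK_GLOBAL
SMTP_REF_P0 = pickle.dumps(smtplib.SMTP, protocol=0)  # uses GLOBAL

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("smtp p4", SMTP_REF_P4), ("smtp p0", SMTP_REF_P0)]:
        print(label, "safe" if is_safe(blob) else f"UNSAFE {unsafe_network_imports(blob)}")
```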
Original source: https://github.com/advisories/GHSA-83pf-v6qq-pwmr
First tracked: February 20, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 85%