Tag
Picklescan before version 0.0.28 contains a deserialization vulnerability where it fails to properly detect malicious pickle files. Attackers can craft these files with embedded code that exploits the `torch._dynamo.guards.GuardBuilder.get` function in reduce methods, leading to arbitrary command execution when loaded on a victim system.