Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

A logic flaw in Trail of Bits fickling, a Python library used to inspect and gate untrusted pickle files, allows malicious pickle files to bypass the tool’s ML-based import allowlist entirely. Any pipeline using fickling versions 0.1.11 or earlier as a security gate for pickle deserialization may be accepting files it should block, without generating any alert. Organizations using fickling to screen model files or serialized data in AI/ML pipelines should treat this as a gap in a defensive control, not a direct system compromise.

Author

Tech Jacks Solutions