Hello!
My CI/CD on GitHub is blocked because of a security issue related to dvc 3.67.1 using pickle.load. I didn't have this issue in version 3.66.1.
This is the report:
Potential security risk (AI signal): pypi dvc is 68.0% likely risky
Notes: The fragment contains a major security risk: it uses pickle.load on a locally stored file (repro.dat) during experiment reproduction, which is an arbitrary code execution primitive if the file can be tampered with. Other notable risks include potential unintended filesystem operations (copying/staging) and network telemetry/exfiltration via post_live_metrics and optional auto-push based on environment/config. There is no clear evidence of stealthy backdoors or explicit malicious network endpoints in this fragment, but the deserialization behavior is sufficiently dangerous to require immediate remediation (replace pickle with a safe serialization format and validate inputs).
Confidence: 0.68
Severity: 0.80
From: uv.lock→ pypi/dvc@3.67.1
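The remediation the report asks for (stop trusting pickle data from a file that can be edited, or switch to a format that carries no code) can be checked locally. The example below is added here and is not dvc's code; `SAFE_GLOBALS`, `RestrictedUnpickler`, `load_state`, `load_state_json` and the sample payloads are assumptions made for the demonstration. It shows a pickle loader that refuses to resolve any class outside an allowlist (so a tampered `repro.dat`-style file cannot reach arbitrary callables), and a JSON loader as the safe-format alternative.

```python
import io
import json
import pathlib
import pickle

# Allowlist of (module, name) globals the unpickler may resolve. Anything not
# listed, e.g. os.system or builtins.eval, is refused before any object is
# constructed, so a tampered pickle cannot execute code on load.
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "set"),
    ("builtins", "tuple"), ("builtins", "str"), ("builtins", "int"),
    ("builtins", "float"), ("builtins", "bool"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """pickle.Unpickler that only resolves allowlisted globals (hypothetical)."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def load_state(data: bytes):
    """Load a pickled state blob; returns (ok, value) or (False, reason)."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def load_state_json(text: str) -> dict:
    """Safe-format alternative: JSON carries no code, so only shape is checked."""
    state = json.loads(text)
    if not isinstance(state, dict) or not isinstance(state.get("params"), dict):
        raise ValueError("unexpected repro state layout")
    return state


# Constructed sample inputs: a plain-data state and one that references a
# non-allowlisted class (pathlib.Path), which stands in for a tampered file.
BENIGN_PICKLE = pickle.dumps({"stage": "train", "params": {"lr": 0.01}})
SUSPECT_PICKLE = pickle.dumps(pathlib.Path("/tmp/example"))
BENIGN_JSON = '{"stage": "train", "params": {"lr": 0.01}}'

if __name__ == "__main__":
    print(load_state(BENIGN_PICKLE))
    print(load_state(SUSPECT_PICKLE))
    print(load_state_json(BENIGN_JSON))
```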