theregister

Alternatively: Python's pickle pilloried with prudent premonition of poisoning

Evan Sultanik, principal computer security researcher with Trail of Bits, has unpacked the Python world’s pickle data format and found it distasteful. He is not the first to do so, and acknowledges as ...
GitHub

Python 2/3 compatibility layer for Pickle

From this point, you can safely assume that what's pickled with pickle.dumps() in Python 2 can be converted back to the real object in Python 3 with pickle.loads(), and vise versa. However, note that ...
Security Boulevard

Understanding Python pickling and how to use it securely

Pickle in Python is primarily used in serializing and deserializing a Python object structure. In other words, it’s the process of converting a Python object into a byte stream to store it in a ...
IEEE

An Analysis of Python Serialization towards Distributed Systems

Abstract: We explored the current state of Python serialization in the context of distributed computing. The challenging points addressed are: object-type support, speed and size, version ...
Security Boulevard

Never a dill moment: Exploiting machine learning pickle files

Many machine learning (ML) models are Python pickle files under the hood, and it makes sense. The use of pickling conserves memory, enables start-and-stop model training, and makes trained models ...
GitHub

postmodern/python-pickle.rb

Supports deserializing Python Pickle data into Ruby objects. Optionally supports only parsing Python Pickle data streams for debugging purposes. Supports Pickle protocol 0, protocol 1, protocol 2, ...
GIGAZINE

With the release of the image generation AI 'Stable Diffusion' as open source, many useful ...

Derived models are hosted in online repositories such as Hugging Face and GitHub, or distributed using torrents and uploaders, but malware is installed in models published by unspecified people. There ...