ivision-research / banjo

Android Dex disassembler and Binary Ninja plugin
MIT License

Use of temp files introduces file write -> code exec vuln #10

Closed austin-ralls-cs closed 4 years ago

austin-ralls-cs commented 4 years ago

The workaround to https://github.com/CarveSystems/banjo/issues/8 using files would let an attacker with the ability to write to /tmp/out.json.pickle as your user at specific times perform a pickle deserialization attack.

https://github.com/CarveSystems/banjo/blob/bd07db6c3a8de9b4eff56d381c581909b0ea2b05/binaryview.py#L51

imo if someone already has the required access, it's probably already game over, but it's still bad to have this vuln.
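The fixed `/tmp/out.json.pickle` hand-off described above, beside a safer version, as an added example (not banjo's own code; the file names and the sample dictionary are assumptions):

```python
"""Why a predictable temp path plus pickle.load is a file-write -> code-exec
bug, and a hand-off that closes both halves of it."""
import json
import os
import pickle
import stat
import tempfile

SHARED_PATH = "/tmp/out.json.pickle"  # fixed path in a world-writable dir


def unsafe_load(path=SHARED_PATH):
    # Vulnerable pattern: pickle runs arbitrary constructors while loading,
    # so whoever can write this path first controls the Binary Ninja process.
    with open(path, "rb") as f:
        return pickle.load(f)


def safe_dump(obj):
    # Private directory (mode 0700) and a random name: no other local user can
    # pre-create or swap the file. JSON carries no executable semantics.
    dirpath = tempfile.mkdtemp(prefix="banjo-")
    fd, path = tempfile.mkstemp(dir=dirpath, suffix=".json")
    with os.fdopen(fd, "w") as f:
        json.dump(obj, f)
    return path


def safe_load(path):
    st = os.lstat(path)  # lstat: do not follow a planted symlink
    writable_by_others = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if stat.S_ISLNK(st.st_mode) or st.st_uid != os.getuid() or writable_by_others:
        raise PermissionError(f"refusing to load {path}: not a private regular file")
    with open(path, "r") as f:
        return json.load(f)  # yields only plain data, never objects


def demo():
    """Round-trip a constructed result, then show the check rejecting the
    same file once it has been made world-writable."""
    sample = {"classes": ["Lcom/example/Foo;"], "methods": 3}  # constructed
    path = safe_dump(sample)
    roundtrip_ok = safe_load(path) == sample
    os.chmod(path, 0o666)
    try:
        safe_load(path)
        rejected = False
    except PermissionError:
        rejected = True
    return roundtrip_ok, rejected


if __name__ == "__main__":
    print(demo())  # (True, True)
```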

austin-ralls-cs commented 4 years ago

Closed in c2539554e2f128a4adab6e3c939e61e58e96b3d7