JamieSlome
commented
3 years ago @d3m0n-r00t @Laicheng0830 - relates to https://github.com/tensorlayer/tensorlayer/issues/1116 and https://github.com/418sec/huntr/pull/1791.
Thanks! 🍰
Open huntr-helper opened 3 years ago
JamieSlome
commented
3 years ago @d3m0n-r00t @Laicheng0830 - relates to https://github.com/tensorlayer/tensorlayer/issues/1116 and https://github.com/418sec/huntr/pull/1791.
Thanks! 🍰
JamieSlome
commented
3 years ago @Laicheng0830, if you want more security fixes and patches like this in the future, you can let security researchers know that they can win bounties protecting your repository by copying this small code snippet into your README.md:
[](https://huntr.dev)
👇 👇 👇
@d3m0n-r00t (https://huntr.dev/users/d3m0n-r00t) has fixed a potential Arbitrary Code Execution vulnerability in your repository 🔨. For more information, visit our website (https://huntr.dev/) or click the bounty URL below...
Q | A Version Affected | * Bug Fix | YES Original Pull Request | https://github.com/418sec/tensorlayer/pull/1 Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/pip/tensorlayer/1/README.md
User Comments:
📊 Metadata *
Fixed Arbitrary code execution in
tensorlayerBounty URL: https://www.huntr.dev/bounties/1-pip-tensorlayer
⚙️ Description *
TensorLayeris a novel TensorFlow-based deep learning and reinforcement learning library designed for researchers and engineers. It provides an extensive collection of customizable neural layers to build advanced AI models quickly. This package is vulnerable toArbitrary Code Execution.💻 Technical Description *
Use of
eval()ineval_layer()function without escaping causes execution of system commands.🐛 Proof of Concept (PoC) *
OR
🔥 Proof of Fix (PoF) *
👍 User Acceptance Testing (UAT)
As explained above
ast.literal_eval()can only be used in common strings and not complex expressions. So not sure on how this will affect the package. However it is safer for evaluvating simple expressions.