Closed huntr-helper closed 2 years ago
@d3m0n-r00t - are you able to sign the CLA? Cheers! 🍰
Thanks for the proposed fix. I created #640 which properly fixes the issue in the context of petastorm (this PR would not pass unit tests)
Fixed by #640. Closing this PR.
https://huntr.dev/users/d3m0n-r00t has fixed the Arbitrary Code Execution vulnerability 🔨. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
Q | A Version Affected | ALL Bug Fix | YES Original Pull Request | https://github.com/418sec/petastorm/pull/1 Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/pip/petastorm/1/README.md
User Comments:
📊 Metadata *
Fixed Arbitrary code execution in
petastorm
Bounty URL: https://www.huntr.dev/bounties/1-pip-petastorm/
⚙️ Description *
Petastorm
is an open source data access library developed at Uber ATG. This library enables single machine or distributed training and evaluation of deep learning models directly from datasets in Apache Parquet format. Petastorm supports popular Python-based machine learning (ML) frameworks such as Tensorflow, PyTorch, and PySpark. It can also be used from pure Python code.Vulnerability description
untrusted loading of data by thepickle.load
function leading toArbitrary code execution
.💻 Technical Description *
The function
depickle_legacy_package_name_compatible()
blindly loads a pickle file without any validation making it vulnerable toArbitrary Code Execution
. If the input pickle file is a malicious payload, create a file remotely.🐛 Proof of Concept (PoC) *
🔥 Proof of Fix (PoF) *
Fix when subprocess is called.
👍 User Acceptance Testing (UAT)
Applied fix from pickle official fix as explained in here. https://www.cmi.ac.in/~madhavan/courses/python-2014/docs/python-3.2.1-docs-html/library/pickle.html Proper working. (Something other than a payload).