Skip to content
This repository was archived by the owner on Dec 19, 2023. It is now read-only.

Fix Arbitary Code Execution in MixMatch-Pytorch#1

Open
b1nslashsh wants to merge 1 commit into418sec:masterfrom
b1nslashsh:master
Open

Fix Arbitary Code Execution in MixMatch-Pytorch#1
b1nslashsh wants to merge 1 commit into418sec:masterfrom
b1nslashsh:master

Conversation

@b1nslashsh
Copy link
Copy Markdown

@b1nslashsh b1nslashsh commented Feb 19, 2021

📊 Metadata *

Access-Control package is vulnerable to Arbitary Code Execution due to insecure yaml desearilization.

Bounty URL:

https://www.huntr.dev/bounties/1-other-MixMatch-Pytorch-Implementation/

⚙️ Description *

Vulnerable to YAML deserialization attack caused by unsafe loading.

💻 Technical Description *

Fixed by avoiding unsafe loader.

🐛 Proof of Concept (PoC) *

import os

os.system('git clone https://github.com/DimoDimchev/Access-Control')
os.chdir('Access-Control/')

payload = """cmd: !!python/object/new:type
  args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
  listitems: "__import__('os').system('calc.exe')"
"""

open('data/data.yaml','w+').write(payload)
os.system("python3 src/main.py")

🔥 Proof of Fix (PoF) *

fixed Arbitary Code Execution in MixMatch-Pytorch by adding SafeLoader

👍 User Acceptance Testing (UAT)

everything working fine after fix 👍🏻

🔗 Relates to...

https://www.huntr.dev/bounties/1-other-MixMatch-Pytorch-Implementation/

@huntr-helper
Copy link
Copy Markdown

huntr-helper commented Feb 19, 2021

👋 Hello, @Gooongna - @b1nslashsh has opened a PR to us with a fix for a potential vulnerability in your repository. To view the vulnerability, please refer to the bounty URL in the first comment, above.

Ultimately, you get to decide if the fix is 👍 or 👎. If you are happy with the fix, please write a new comment (@huntr-helper - LGTM) and we will open a PR to your repository with the fix. All remaining PRs for this vulnerability will be automatically closed.

If you have any questions or need support, come and join us on our community Discord!

@Gooongna & @b1nslashsh - thank you for your efforts in securing the world’s open source code! 🎉

🔨 Want more security researchers protecting your repository?

Stick our badge on your README.md, and let security researchers know that they can win bounties protecting your repositories. Sounds cool, huh? 😎

Copy this small code snippet and insert it into your README.md:

[![huntr](https://cdn.huntr.dev/huntr_security_badge.svg)](https://huntr.dev)

👇 👇 👇

huntr

huntr-helper pushed a commit to 418sec/huntr that referenced this pull request Feb 19, 2021
Added fix submission to FixSubmissionCount for 418sec/MixMatch-Pytorc…
65de346 
…h-Implementation#1
@b1nslashsh
Copy link
Copy Markdown
Author

b1nslashsh commented Feb 22, 2021

hey @Gooongna

any updates on this?
regards
muhaimin

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@b1nslashsh @huntr-helper