New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
an unsafe use of pickle #1582
Comments
This issue seems to have gotten CVE-2024-34997 assigned. |
This patch adds a new optional argument to the read_array method to enable pickle. By default the pickle load is disabled. This is based on the actual code in numpy/lib/format.py: numpy/numpy@a2bd3a7 Fix CVE-2024-34997, joblib#1582
This patch adds a new optional argument to the read_array method to enable pickle. By default the pickle load is disabled. This is based on the actual code in numpy/lib/format.py: numpy/numpy@a2bd3a7 Fix CVE-2024-34997, joblib#1582
This patch adds a new optional argument to the read_array method to enable pickle. By default the pickle load is disabled. This is based on the actual code in numpy/lib/format.py: numpy/numpy@a2bd3a7 Fix CVE-2024-34997, joblib#1582
Hello, Thanks for the issue, however, I don't think it makes sense in the context of the Here, the IMO, a simpler and unsafe pattern is even simpler than this: import os
import pickle
class A:
def __reduce__(self):
return (os.system,('whoami',))
a=A()
with open('a.pkl','wb') as file:
pickle.dump(a,file)
with open('a.pkl', 'rb') as file:
pickle.load(file) So why add an extra feature to avoid this in a nested case? I am closing this issue for now but feel free to continue the discussion if you think I am missing some points. |
Python 3.9.13, joblib 1.4.2
joblib.numpy_pickle::NumpyArrayWrapper().read_array() use pickle.load() to deserialize data, which may allows to execute evil code locally,if the project runs on a public online server,it may cause romate attack through reverse shell.
poc
run
python .\test.py
, and the shell will display your username, that is the result of cmdwhoami
The text was updated successfully, but these errors were encountered: