
Fix unsafe pickle deserialization in reward server (CVE-2026-25873)#139

Open
Chocapikk wants to merge 2 commits intoVectorSpaceLab:mainfrom
Chocapikk:fix/unsafe-pickle-deserialization

Conversation

@Chocapikk

Summary

  • Replace all pickle.loads() / pickle.dumps() calls in reward_proxy.py and reward_server.py with a safe JSON + base64 serialization module (safe_serialization.py)
  • pickle.loads() on untrusted HTTP POST bodies allows arbitrary code execution (CWE-502)
  • The new safe_serialization module handles PIL Images, dicts, lists, tuples, and primitives without executing arbitrary code during deserialization

Changed files

File                     Change
safe_serialization.py    New module - JSON + base64 serialization for PIL Images
reward_proxy.py          Replace pickle imports and calls with safe_serialization
reward_server.py         Replace pickle imports and calls with safe_serialization

References

pickle.loads() on untrusted HTTP input allows arbitrary code execution
(CWE-502). Replace all pickle serialization in reward_proxy.py and
reward_server.py with a safe JSON + base64 format via safe_serialization.py.

Ref: CVE-2026-25873
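The PR description above says what the fix does but the page does not show safe_serialization.py itself. The block below is an added example, written for this page and not the PR's code, of the two halves of the argument: first why `pickle.loads()` on a POST body is code execution (the payload, not the server, chooses which callable runs during unpickling; here it is the harmless `os.getcwd`), then a type-tagged JSON + base64 codec for the same value kinds the PR lists (PIL Images, dicts, lists, tuples, primitives, plus bytes) in which no decode path ever resolves a class or calls a function named by the input. `Image` is a stand-in dataclass for `PIL.Image.Image` so the example runs without Pillow, and the tag names, `MAX_PIXELS` cap and the mode table are assumptions, not anything from the project.

```python
"""Added example: pickle RCE demo and a tagged JSON + base64 codec.
Not the PR's safe_serialization.py; Image stands in for PIL.Image.Image."""
import base64
import json
import os
import pickle
from dataclasses import dataclass
from typing import Any


# --- why pickle must go: the payload picks the callable that runs on load ---
class Gadget:
    """__reduce__ makes unpickling call os.getcwd(); any importable callable
    (os.system, subprocess.Popen, ...) could be named here instead."""
    def __reduce__(self):
        return (os.getcwd, ())


def pickle_rce_demo() -> bool:
    body = pickle.dumps(Gadget())        # what an attacker would POST
    result = pickle.loads(body)          # os.getcwd() runs inside loads()
    return result == os.getcwd()         # True: attacker-chosen code ran


# --- safe replacement: data only; tags select builders, never code ----------
@dataclass(frozen=True)
class Image:
    """Stand-in for PIL.Image.Image (assumption): mode, (w, h), raw pixels."""
    mode: str
    size: tuple[int, int]
    data: bytes


CHANNELS = {"L": 1, "RGB": 3, "RGBA": 4}   # assumption: modes the server accepts
MAX_PIXELS = 4096 * 4096                   # assumption: decode-side size cap
PRIMITIVES = (type(None), bool, int, float, str)


def encode(obj: Any) -> Any:
    """Map a Python value to a JSON-native tree; unknown types are refused."""
    if isinstance(obj, PRIMITIVES):
        return obj
    if isinstance(obj, bytes):
        return {"t": "bytes", "v": base64.b64encode(obj).decode("ascii")}
    if isinstance(obj, list):
        return {"t": "list", "v": [encode(x) for x in obj]}
    if isinstance(obj, tuple):
        return {"t": "tuple", "v": [encode(x) for x in obj]}
    if isinstance(obj, dict):   # pairs, so non-string keys survive round-trip
        return {"t": "dict", "v": [[encode(k), encode(v)] for k, v in obj.items()]}
    if isinstance(obj, Image):
        return {"t": "image", "mode": obj.mode, "size": list(obj.size),
                "data": base64.b64encode(obj.data).decode("ascii")}
    raise TypeError(f"refusing to serialize {type(obj).__name__}")


def decode(node: Any) -> Any:
    """Rebuild a value from the tree; every container must carry a known tag."""
    if isinstance(node, PRIMITIVES):
        return node
    if not isinstance(node, dict) or "t" not in node:
        raise ValueError("untagged container in payload")
    tag = node["t"]
    if tag == "bytes":
        return base64.b64decode(node["v"], validate=True)
    if tag == "list":
        return [decode(x) for x in node["v"]]
    if tag == "tuple":
        return tuple(decode(x) for x in node["v"])
    if tag == "dict":
        return {decode(k): decode(v) for k, v in node["v"]}
    if tag == "image":
        mode, size = node["mode"], node["size"]
        if mode not in CHANNELS:
            raise ValueError(f"unsupported image mode {mode!r}")
        if (not isinstance(size, list) or len(size) != 2
                or not all(isinstance(n, int) and n > 0 for n in size)):
            raise ValueError("bad image size")
        w, h = size
        if w * h > MAX_PIXELS:
            raise ValueError("image too large")
        data = base64.b64decode(node["data"], validate=True)
        if len(data) != w * h * CHANNELS[mode]:   # header must match the pixels
            raise ValueError("image data length does not match mode*size")
        return Image(mode, (w, h), data)
    raise ValueError(f"unknown tag {tag!r}")      # no tag ever names a callable


def dumps(obj: Any) -> bytes:
    return json.dumps(encode(obj), separators=(",", ":")).encode("utf-8")


def loads(body: bytes) -> Any:
    return decode(json.loads(body.decode("utf-8")))


def is_rejected(body: bytes) -> bool:
    """True when the body is refused, which is the only safe answer to bad input."""
    try:
        loads(body)
        return False
    except (ValueError, KeyError, TypeError, UnicodeDecodeError):
        return True


if __name__ == "__main__":
    # constructed sample reward request: prompt, scores, raw bytes, a 2x1 RGB image
    sample = {"prompt": "rate this", "scores": (0.5, 1.0), "raw": b"\x00\xff",
              "img": Image("RGB", (2, 1), bytes(6))}
    assert loads(dumps(sample)) == sample
    print("pickle ran attacker code:", pickle_rce_demo())
    print("forged image rejected:", is_rejected(
        b'{"t":"image","mode":"RGB","size":[2,1],"data":"AAA="}'))
```

The design point the PR summary implies but does not spell out: a JSON format is only safe if the decoder never turns a string from the wire into a class or function. Here the tag set is closed, an unknown tag or an untagged list/dict is rejected rather than passed through, and the image branch checks the declared mode and size against the actual byte length and an upper bound before allocating anything, so a client cannot make the server build a multi-gigabyte buffer from a short body. Whatever the real safe_serialization.py does, those are the three checks to look for in review.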
