1. XSS

Examples:

    python3 -m simiki.cli new -t "Hello Simiki<svg/onload=alert(1)>" -c first-catetory
    python3 -m simiki.cli g
    python3 -m simiki.cli p

The affected file appears to be https://github.com/tankywoo/simiki/blob/master/simiki/generators.py line 54.
By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.

2. RCE

https://github.com/tankywoo/simiki/blob/master/simiki/config.py line 64: use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
This can lead to remote code execution when simiki loads a malicious _config.xml file.
Payload:

    !!python/object/new:os.system ["/Applications/Calculator.app/Contents/MacOS/Calculator"]

When using simiki again, simiki will load _config.yml and cause remote code execution.
Thanks for your report.
The first problem: enabling autoescape requires the theme to also add the safe filter, and I will fix it later.
The second problem was fixed in version 1.6.2.2.
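Both findings side by side, as an added example that is neither simiki's code nor the reporter's: a hypothetical theme fragment rendered with jinja2's default autoescape=False and then with select_autoescape, and a constructed _config.yml parsed with yaml.safe_load. The inputs, template and function names are constructed for this illustration; it assumes PyYAML and Jinja2 are installed. It also shows the point the maintainer raises: once autoescape is on, HTML the generator already produced has to be passed through the safe filter.

```python
import yaml
from jinja2 import Environment, select_autoescape

# Constructed sample inputs modelled on the report; none of this is simiki's own code.
HOSTILE_TITLE = 'Hello Simiki<svg/onload=alert(1)>'
BENIGN_CONFIG = 'title: My Wiki\nauthor: someone\n'
# Same tag shape as the reported payload, with a harmless command; it is only ever
# handed to safe_load below, never to yaml.load.
HOSTILE_CONFIG = '!!python/object/new:os.system ["/bin/true"]'

# Hypothetical theme fragment: the title is page-supplied text, while `content` is
# Markdown the generator already turned into HTML, so it must be marked safe.
PAGE_TEMPLATE = '<h1>{{ title }}</h1>\n<div>{{ content|safe }}</div>'

# What the report recommends: escape by default, for string templates as well.
HARDENED_AUTOESCAPE = select_autoescape(default_for_string=True, default=True)


def render_page(title, content_html, autoescape=False):
    """Render PAGE_TEMPLATE; autoescape=False mirrors jinja2's default."""
    env = Environment(autoescape=autoescape)
    return env.from_string(PAGE_TEMPLATE).render(title=title, content=content_html)


def load_config(text):
    """Parse _config.yml with safe_load: plain YAML types only, no python/* tags."""
    return yaml.safe_load(text)


def config_is_rejected(text):
    """True when safe_load refuses the document (e.g. a python/object tag)."""
    try:
        load_config(text)
    except yaml.YAMLError:
        return True
    return False


if __name__ == '__main__':
    body = '<p>first page</p>'
    print(render_page(HOSTILE_TITLE, body))                       # svg payload intact
    print(render_page(HOSTILE_TITLE, body, HARDENED_AUTOESCAPE))  # title escaped, body kept
    print(load_config(BENIGN_CONFIG))
    print('hostile config rejected:', config_is_rejected(HOSTILE_CONFIG))
```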