Python Package: MLAlchemy
Version: Before 0.2.2
Published: Nov. 7th, 2017
Reported by: Joel
CVE-2017-16615
Overview
MLAlchemy is a Python-based utility library aimed at allowing relatively safe conversion from YAML/JSON to SQLAlchemy read-only queries. One use case is to allow RESTful web applications (written in Python) to receive YAML- or JSON-based queries for data, e.g. from a front-end JavaScript-based application. By exploiting this vulnerability, attackers can execute arbitrary Python code, resulting in command execution. Because of the wide range of applications involved, the vulnerability is extremely dangerous.
An issue was discovered in the MLAlchemy package before 0.2.2. Untrusted data passed into the parse_yaml_query() function can execute arbitrary Python commands, resulting in command execution.
POC
Remediation
The updated version of MLAlchemy (0.2.2) correctly uses the yaml.safe_load method, which prevents remote code execution.
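The following is an added example (not MLAlchemy's own code) that contrasts the unsafe PyYAML loading pattern behind this advisory with the remediated safe_load pattern. The query shape, the function names and the sample documents are assumptions constructed for illustration; the tagged document uses a harmless Python tag that resolves to builtins.len, which is enough to show that a full loader instantiates live Python objects while safe_load refuses the tag.

```python
import yaml

# Constructed sample query; the exact MLAlchemy query grammar is not on the page,
# only the loader behaviour matters here.
BENIGN_QUERY = """
from: User
where:
  $and:
    - name: alice
    - active: true
"""

# Constructed document carrying a PyYAML Python-specific tag. The tag resolves to
# builtins.len, so even the unsafe loader only yields a function object here.
TAGGED_QUERY = """
from: User
where:
  name: !!python/name:builtins.len
"""


def parse_query_unsafe(text):
    """Vulnerable pattern (assumption): a full loader constructs arbitrary
    Python objects from tags in attacker-controlled YAML."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


def parse_query_safe(text):
    """Remediated pattern: safe_load builds only plain scalars, lists and dicts."""
    return yaml.safe_load(text)


def load_query(text):
    """Parse an untrusted query with safe_load and validate its top-level shape.

    Returns (True, mapping) on success, or (False, reason) when the document
    carries an unsupported tag, is malformed, or is not a mapping.
    """
    try:
        data = parse_query_safe(text)
    except yaml.YAMLError as exc:  # ConstructorError for !!python/* tags
        return False, str(exc)
    if not isinstance(data, dict):
        return False, "query must be a mapping"
    return True, data
```
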