Mesop, Class Pollution Vulnerability, CVE-XXXX-XXXX (Critical)

How the Vulnerability Works:

The class pollution vulnerability in Mesop (<=0.14.0) occurs when untrusted input is handled improperly during object property assignment. Attackers can send specially crafted requests whose payloads overwrite critical class attributes or global variables. Like JavaScript prototype pollution, the flaw allows manipulation of Python's class inheritance chain: when user-controlled data reaches a vulnerable object-merge operation or attribute assignment, an attacker can pollute base classes used throughout the application. The result is DoS through corruption of system variables, and potentially RCE if attacker-controlled properties are later used in dangerous operations such as pickle loads, shell commands, or template rendering. The identity-confusion aspect stems from the ability to overwrite role-validation attributes in conversation handlers.

DailyCVE Form:

Platform: Mesop
Version: <=0.14.0
Vulnerability: Class Pollution
Severity: Critical
Date: 2023-11-15

What Undercode Say:

Analytics:

  • Attack Vector: Network
  • Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Exploitation:

import requests

target = "http://mesop-server/api/endpoint"
malicious_payload = {
    "__class__": {
        "__globals__": {
            "critical_var": "attacker_value"
        }
    }
}
response = requests.post(target, json=malicious_payload)

Protection:

# Safe alternative for object merging
# Keys that must never be merged (assumed set, built from the attributes named on this page)
BLOCKED_KEYS = ("__class__", "__globals__", "__dict__")

def safe_merge(dest, source):
    for k, v in source.items():
        if k in BLOCKED_KEYS:
            continue  # silently drop keys that reach the class or global namespace
        if isinstance(v, dict):
            # start a fresh sub-dict when the target is missing or not a dict
            if not isinstance(dest.get(k), dict):
                dest[k] = {}
            safe_merge(dest[k], v)
        else:
            dest[k] = v
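As an added illustration (not Mesop's code and not the exploit above), the toy below shows the pattern described in "How the Vulnerability Works" and the filter used in "Protection": a naive recursive attribute merge that follows `__class__` and rewrites a class-level attribute shared by every instance, beside a hardened merge that rejects dunder and unknown keys. `ConversationHandler`, its `role` attribute and the payload are constructed here for the demonstration.

```python
class ConversationHandler:
    # class-level default every instance falls back to (constructed toy)
    role = "user"

    def __init__(self, name):
        self.name = name

    def is_admin(self):
        return self.role == "admin"

def naive_merge(obj, data):
    """Vulnerable pattern: assigns every key, following attributes recursively."""
    for key, value in data.items():
        if isinstance(value, dict):
            # getattr(obj, "__class__") is the class itself, so the next
            # setattr in the recursion rewrites a class attribute
            naive_merge(getattr(obj, key), value)
        else:
            setattr(obj, key, value)

def hardened_merge(obj, data):
    """Same merge, but dunder keys and unknown attributes are rejected."""
    for key, value in data.items():
        if key.startswith("__") or not hasattr(obj, key):
            raise ValueError(f"rejected key: {key}")
        if isinstance(value, dict):
            hardened_merge(getattr(obj, key), value)
        else:
            setattr(obj, key, value)

# constructed payload: walks handler.__class__ and sets role on the class
POLLUTING_PAYLOAD = {"__class__": {"role": "admin"}}

def pollution_escapes(merge):
    """Applies the payload with `merge` to one handler and reports whether an
    unrelated, freshly created handler now passes the admin check."""
    try:
        merge(ConversationHandler("alice"), POLLUTING_PAYLOAD)
    except ValueError:
        return False
    escaped = ConversationHandler("bob").is_admin()
    ConversationHandler.role = "user"  # undo so the demo can be rerun
    return escaped

def apply_profile(name, data):
    """Normal use of the hardened merge: returns (name, role) after the update."""
    handler = ConversationHandler(name)
    hardened_merge(handler, data)
    return handler.name, handler.role
```

The dunder filter only stops the write from escaping the instance; which instance fields a request may set still needs an explicit allowlist.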

Detection:

grep -r "__class__.=" /path/to/mesop/code
grep -r ".__dict__\[" /path/to/mesop/code

Mitigation:

1. Upgrade to Mesop >0.14.0

2. Implement input validation:

# Substrings that must not appear anywhere in the request (assumed set, built from the attributes named on this page)
BLACKLIST = ("__class__", "__globals__", "__dict__")

def validate_input(data):
    if any(blacklisted in str(data) for blacklisted in BLACKLIST):
        raise ValueError("Invalid input")

Hardening:

# Restrict dangerous attributes
# Assumed set, built from the attributes named on this page
BLOCKED_ATTRS = ("__class__", "__globals__", "__dict__")

class SafeDict(dict):
    def __setitem__(self, key, value):
        if key in BLOCKED_ATTRS:
            raise AttributeError(f"Blocked attribute: {key}")
        super().__setitem__(key, value)

    # dict.update() and the dict() constructor bypass __setitem__,
    # so bulk writes are routed through it here as well
    def update(self, *args, **kwargs):
        for key, value in dict(*args, **kwargs).items():
            self[key] = value

References:

Reported By: https://github.com/advisories/GHSA-f3mf-hm6v-jfhh
Extra Source Hub:
Undercode
