SciO, Remote Command Execution via PyTorch, CVE-2025-XXXXX (Critical)


The vulnerability in SciO stems from its dependency on a vulnerable version of PyTorch (torch <= 2.5.1). The underlying flaw is in PyTorch's `torch.load` function: even when called with `weights_only=True`, it fails to properly sanitize deserialized data. A remote attacker can therefore craft a malicious serialized file, such as a model weights file (.pt, .pth). When SciO processes this file with the vulnerable `torch.load`, the attacker can embed and trigger code within the serialized payload and execute arbitrary system commands on the server. The result is a complete compromise of the application server, despite the intended safety of the `weights_only` parameter.
Platform: SciO
Version: <= 1.0.0

Vulnerability: RCE

Severity: Critical

Date: 2024-10-08

Prediction: 2024-10-25

What Undercode Say:

```bash
# Locate model weight files, then check which PyTorch version is installed
find . -name "*.pt" -o -name "*.pth"
python -c "import torch; print(torch.__version__)"
pip list | grep torch
```

```python
# Malicious payload example structure
class Exploit:
    def __reduce__(self):
        import os
        return (os.system, ('rm -rf /critical/path',))
```

How Exploit:

Attacker hosts a malicious model file. User’s SciO application loads the file via torch.load. Embedded code executes upon deserialization.

Protection from this CVE

Upgrade SciO to version >= 1.0.1. Manually ensure PyTorch dependency is torch >= 2.6.
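
As a complement to upgrading, the following added example (not code from SciO, PyTorch or the original post) lists the imports a `.pt`/`.pth` file's pickle stream references without loading it, which exposes payloads of the `__reduce__` shape shown above. The `ALLOWED` set, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import pickle
import pickletools
import zipfile
from io import BytesIO
from pathlib import Path

# Assumption: imports a plain tensor state_dict needs; extend for your checkpoints.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
           ("torch._utils", "_rebuild_parameter"), ("torch", "FloatStorage")}
STRINGS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

def pickle_imports(data):
    """Return the (module, name) pairs the pickle stream(s) reference; never unpickles."""
    found, stream = set(), BytesIO(data)
    while stream.tell() < len(data):       # legacy files hold several pickles in a row
        recent = [None, None]              # strings pushed so far; None = unknown value
        try:
            for op, arg, _ in pickletools.genops(stream):
                if op.name in STRINGS:
                    recent.append(arg)
                elif op.name in ("GET", "BINGET", "LONG_BINGET"):
                    recent.append(None)    # memo read is not resolved: fail closed
                elif op.name in ("GLOBAL", "INST"):
                    found.add(tuple(arg.split(" ", 1)))
                elif op.name == "STACK_GLOBAL":
                    found.add(("?", "?") if None in recent[-2:] else tuple(recent[-2:]))
        except Exception:                  # raw tensor bytes follow the pickles
            break
    return found

def scan_checkpoint(path):
    """List imports outside ALLOWED in a .pt/.pth file (zip or legacy layout)."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            blobs = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        blobs = [Path(path).read_bytes()]
    return sorted({imp for blob in blobs for imp in pickle_imports(blob)} - ALLOWED)

class ConstructedSample:  # constructed: the page's __reduce__ shape, harmless command
    def __reduce__(self):
        return (os.system, ("echo constructed-sample",))

def write_samples(directory):  # constructed inputs: one clean file, one flagged file
    clean, bad = Path(directory, "clean.pth"), Path(directory, "bad.pt")
    clean.write_bytes(pickle.dumps({"layer.weight": [0.1, 0.2]}, protocol=2))
    with zipfile.ZipFile(bad, "w") as zf:  # serialised only, never loaded
        zf.writestr("archive/data.pkl", pickle.dumps(ConstructedSample()))
    return clean, bad
```

Run `scan_checkpoint` on each file returned by the `find` command above; any non-empty result, including the unresolved `("?", "?")` marker, is a reason to keep that file away from `torch.load`.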

Impact:

Remote Code Execution, Full system compromise, Data breach.


Sources:

Reported By: github.com
Extra Source Hub:
Undercode
